[wp-trac] [WordPress Trac] #30920: Add support for JavaScript templates (Underscore) to wp_kses()
WordPress Trac
noreply at wordpress.org
Tue Jan 6 00:57:58 UTC 2015
#30920: Add support for JavaScript templates (Underscore) to wp_kses()
---------------------------+------------------------------
Reporter: stevegrunwell | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Formatting | Version: trunk
Severity: normal | Resolution:
Keywords: | Focuses: template
---------------------------+------------------------------
Comment (by dd32):
I'm not sure I see the need for kses to handle such data myself.
Kses is designed to be used to strip invalid/unsafe HTML code from a user-
supplied string, and does a pretty good job at that.
Any templates should be hard-coded by a developer, either within their
plugin, or allowing another plugin to filter the HTML, there's no real
need to kses the HTML in those cases as it's not coming from an untrusted
user.
Kses is an expensive function call, it should be called as rarely as
possible, for WordPress posts that means it's called on save, and
shouldn't be called on display.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/30920#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list