[wp-trac] [WordPress Trac] #33924: sanitize_html_class valid characters
WordPress Trac
noreply at wordpress.org
Mon Nov 16 02:23:19 UTC 2015
#33924: sanitize_html_class valid characters
-------------------------------------+-----------------------------
Reporter:  m-e-h                     | Owner:
Type:      defect (bug)              | Status:     new
Priority:  normal                    | Milestone:  Future Release
Component: Formatting                | Version:    trunk
Severity:  normal                    | Resolution:
Keywords:  has-patch needs-testing   | Focuses:
-------------------------------------+-----------------------------
Comment (by peterwilsoncc):
The more I consider my comment above, the more I think over-sanitization
is unnecessary and possibly counterproductive. Both HTML and CSS are
happy with an emoji class name; preventing this will make the function
less usable.
Removing the CSS special characters seems more than enough.
{{{#!php
$pattern = '/[\\\\#%&\',-\/:;<=>@`~\^\$\.\!\[\]\|\{\}\(\)\?\*\+"\s]/';
$sanitized_html_class = preg_replace( $pattern, "", $unsanitized_html_class );
}}}
Per [attachment:33924.diff].
--
Ticket URL: <https://core.trac.wordpress.org/ticket/33924#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
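
Added example (not from the ticket or its attached patch): a PHP script that runs the pattern quoted in the comment above over constructed class names and lists every printable ASCII character it removes. PCRE reads `,-\/` inside the character class as a range covering `,`, `-`, `.` and `/`, so the listing is worth checking against the characters a class name is expected to keep. The function names and sample inputs are hypothetical.

```php
<?php
// Added example, not part of the ticket or its attachment.
// The pattern is copied verbatim from the comment; helper names are hypothetical.
$pattern = '/[\\\\#%&\',-\/:;<=>@`~\^\$\.\!\[\]\|\{\}\(\)\?\*\+"\s]/';

// Apply the proposed replacement to one candidate class name.
function strip_css_special( $pattern, $class ) {
	return preg_replace( $pattern, '', $class );
}

// Return every printable ASCII character that the pattern removes.
function removed_ascii( $pattern ) {
	$removed = '';
	for ( $code = 0x20; $code <= 0x7E; $code++ ) {
		$char = chr( $code );
		// A single character that becomes the empty string was matched.
		if ( '' === preg_replace( $pattern, '', $char ) ) {
			$removed .= $char;
		}
	}
	return $removed;
}

// Constructed sample inputs: plain names, CSS selector syntax,
// whitespace, an emoji, and HTML attribute metacharacters.
$samples = array(
	'menu-item',
	'menu_item_2',
	'col.wide:hover',
	'two words',
	'😀-smile',
	'a"b<c>d',
);

foreach ( $samples as $class ) {
	echo $class, ' => ', strip_css_special( $pattern, $class ), "\n";
}

// The first character of this list is the space matched by \s.
echo 'Removed ASCII: [', removed_ascii( $pattern ), "]\n";
```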