[wp-trac] [WordPress Trac] #30421: Add ARIA attributes to globally permitted HTML attributes in kses
WordPress Trac
noreply at wordpress.org
Wed Oct 21 17:20:20 UTC 2015
#30421: Add ARIA attributes to globally permitted HTML attributes in kses
-------------------------------------+-------------------------------------
Reporter: jwenerd | Owner: jorbin
Type: enhancement | Status: assigned
Priority: normal | Milestone: Future Release
Component: Formatting | Version:
Severity: normal | Resolution:
Keywords: kses needs-patch needs- | Focuses: accessibility,
unit-tests early | administration
-------------------------------------+-------------------------------------
Comment (by miqrogroove):
Replying to [comment:15 jorbin]:
> Punting. Someone still needs to do some research to show that aria
attributes can't be used to create security issues (yes, I know proving a
negative is hard)
For the record, our standard for entry is significantly higher than that.
The KSES whitelist is used to allow only the elements and attributes that
should be used in anonymous comments {{{$allowedtags}}} or in non-
administrative posts by contributors {{{$allowedposttags}}}.
In addition to safety, we need a convincing argument that a proposed entry
is needed for one of those author groups.
For the proposed ARIA feature, specifically, I see no reason why this
would ever be used in anonymous comments. It is neither needed nor
desirable in most situations. According to the ticket description "This
would be helpful so that users without the unfiltered_html capability
could use ARIA within their content. I can do this with a plugin." I
would like to know in what situation is this actually useful? Who has
non-admin contributors that are trying to use ARIA? Is a plugin not
adequate for those who need this feature?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/30421#comment:16>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list