[wp-trac] [WordPress Trac] #30421: Add ARIA attributes to globally permitted HTML attributes in kses
WordPress Trac
noreply at wordpress.org
Wed Oct 21 18:03:11 UTC 2015
#30421: Add ARIA attributes to globally permitted HTML attributes in kses
-------------------------------------+-------------------------------------
Reporter: jwenerd | Owner: jorbin
Type: enhancement | Status: assigned
Priority: normal | Milestone: Future Release
Component: Formatting | Version:
Severity: normal | Resolution:
Keywords: kses needs-patch needs- | Focuses: accessibility,
unit-tests early | administration
-------------------------------------+-------------------------------------
Comment (by jorbin):
Replying to [comment:16 miqrogroove]:
> Replying to [comment:15 jorbin]:
> > Punting. Someone still needs to do some research to show that aria
attributes can't be used to create security issues (yes, I know proving a
negative is hard)
>
> For the record, our standard for entry is significantly higher than
that. The KSES whitelist is used to allow only the elements and
attributes that should be used in anonymous comments {{{$allowedtags}}} or
in non-administrative posts by contributors {{{$allowedposttags}}}.
>
> In addition to safety, we need a convincing argument that a proposed
entry is needed for one of those author groups.
>
> For the proposed ARIA feature, specifically, I see no reason why this
would ever be used in anonymous comments. It is neither needed nor
desirable in most situations. According to the ticket description "This
would be helpful so that users without the unfiltered_html capability
could use ARIA within their content. I can do this with a plugin." I
would like to know in what situation is this actually useful? Who has
non-admin contributors that are trying to use ARIA? Is a plugin not
adequate for those who need this feature?
The standard also is that all users should be able to create accessible
content. You shouldn't need to have unfiltered_html or to install a plugin
in order to make sure that all end users can have a great experience
reading content you create. While many of the aria attributes have little
likelihood of being useful in comments(aria-label and aria-labelledby
being notable exceptions), there is a high likelihood that the others they
would be usefull in posts.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/30421#comment:17>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list