[wp-trac] [WordPress Trac] #34406: wp_kses_hair is too stringent redux
WordPress Trac
noreply at wordpress.org
Fri Oct 23 17:49:36 UTC 2015
#34406: wp_kses_hair is too stringent redux
-------------------------------------------------+-------------------------
Reporter: travisnorthcutt | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting
Component: Formatting | Review
Severity: normal | Version: 1.5
Keywords: has-patch dev-feedback needs-unit- | Resolution:
tests | Focuses:
-------------------------------------------------+-------------------------
Comment (by travisnorthcutt):
Replying to [comment:4 miqrogroove]:
> Needs more tests. This is the kind of ticket where the tests will get
more traction than the patch ever will. :)
>
> For example,
>
> {{{
> <img src="" data_at:2x="[audio]" alt="blah" />
> }}}
>
> We expect this shortcode to get stripped automatically upon display,
which almost certainly fails in the proposed patch.
I ''think'' that's not current behavior; without applying my patch, try
this:
{{{#!php
global $allowedposttags;
$test = '<img alt="[blah]" />';
echo wp_kses( $test, $allowedposttags );
}}}
In my testing, the brackets are allowed. So, in that case, your example
fails with the current patch and on existing core, but only if we do
indeed want/expect the shortcode to get stripped. Is that the case,
though? From my reading of the [https://make.wordpress.org/core/2015/10/08
/shortcode-roadmap-draft-three/ Shortcode Roadmap Draft Three] it sounds
like that restriction shouldn't happen until 4.6.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/34406#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list