[wp-trac] [WordPress Trac] #35395: Provide a better gateway for code-based theme customizations with the Customizer
WordPress Trac
noreply at wordpress.org
Tue Jan 12 23:04:18 UTC 2016
#35395: Provide a better gateway for code-based theme customizations with the
Customizer
------------------------------+------------------
Reporter: celloexpressions | Owner:
Type: feature request | Status: new
Priority: normal | Milestone: 4.5
Component: Customize | Version:
Severity: normal | Resolution:
Keywords: needs-patch | Focuses:
------------------------------+------------------
Changes (by ocean90):
* keywords: has-patch => needs-patch
Comment:
> We should absolutely sanitize the input.
We have to validate and sanitize on input and output. Twenty Fifteen had
stored unfiltered CSS but it got removed, see #30409 for background.
`wp_filter_nohtml_kses()`/`wp_strip_all_tags()` are not enough for this use
case. For inspiration you should take a look at
[https://make.wordpress.org/community/tag/jetpack-css-editor/ Remote CSS
Plugin], source available at
https://meta.trac.wordpress.org/browser/sites/trunk/wordcamp.org/public_html/wp-content/plugins/wordcamp-remote-css.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/35395#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
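
Why tag stripping alone falls short for CSS, as an added example that is not part of the original message or of WordPress core. PHP's built-in `strip_tags()` stands in for the tag stripping step, and `css_validation_errors()` and `css_for_style_element()` are hypothetical helpers whose deny-list is an illustrative assumption, not a complete sanitizer.

```php
<?php
// Added example. strip_tags() stands in for the tag stripping done by
// wp_strip_all_tags(); the deny-list below is illustrative, not exhaustive.

// Constructed sample input for a custom-CSS field.
$submitted = <<<'CSS'
@import url("//example.invalid/extra.css");
.site-title { color: #369; }
.widget a { background: url(javascript:void(0)); }
.entry { width: expression(document.body.clientWidth); }
<b>not css</b>
CSS;

/** Hypothetical validator: returns reasons to reject; empty array means accept. */
function css_validation_errors( string $css ): array {
    // Remove comments first, because a comment can split a keyword in two.
    $flat = preg_replace( '#/\*.*?\*/#s', '', $css );
    if ( null === $flat ) {
        return array( 'input could not be processed' );
    }
    $errors = array();
    if ( false !== strpos( $flat, '<' ) ) {
        $errors[] = 'markup in CSS';
    }
    if ( false !== strpos( $flat, '\\' ) ) {
        $errors[] = 'backslash escape (can disguise a keyword)';
    }
    if ( preg_match( '/@import\b/i', $flat ) ) {
        $errors[] = '@import loads an external stylesheet';
    }
    if ( preg_match( '/expression\s*\(/i', $flat ) ) {
        $errors[] = 'expression() is script, not style';
    }
    preg_match_all( '/url\(\s*["\']?\s*([a-z][a-z0-9+.\-]*):/i', $flat, $m );
    foreach ( $m[1] as $scheme ) {
        if ( ! in_array( strtolower( $scheme ), array( 'http', 'https' ), true ) ) {
            $errors[] = "url() scheme '$scheme' not allowed";
        }
    }
    return $errors;
}

/** Output side: validate again, since stored values may predate the rules. */
function css_for_style_element( string $stored ): string {
    return css_validation_errors( $stored ) ? '' : $stored;
}

$stripped = strip_tags( $submitted );          // tags go, CSS constructs stay
print_r( css_validation_errors( $stripped ) ); // findings that tag stripping left behind
var_dump( css_for_style_element( $stripped ) );
```

The sample still fails validation after `strip_tags()` because `@import`, `expression()` and the non-HTTP `url()` scheme are CSS constructs, not HTML tags.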