[wp-trac] [WordPress Trac] #42770: Custom HTML Widgets & Google Tracking
WordPress Trac
noreply at wordpress.org
Sun Dec 3 16:34:32 UTC 2017
#42770: Custom HTML Widgets & Google Tracking
--------------------------+------------------------------
Reporter: MacLeroy | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone: Awaiting Review
Component: Widgets | Version: 4.9.1
Severity: normal | Resolution: invalid
Keywords: close | Focuses:
--------------------------+------------------------------
Changes (by slushman):
* keywords: => close
* status: new => closed
* resolution: => invalid
Comment:
Hey @MacLeroy, thanks for posting your first ticket!
Are you trying to save a link with an onclick attribute, like this?
    <a href="http://www.example.com" onclick="trackOutboundLink('http://www.example.com'); return false;">Check out example.com</a>
The Custom HTML widget sanitizes the submitted HTML by checking against a
list of allowed HTML tags and their allowed attributes. By default, the
onclick attribute isn't allowed for the A tag, so the code linter is
warning you that it found invalid code, like @1naveengiri mentioned above.
You are able to allow it using the wp_kses_allowed_html filter, but it
enables it for all the users on your site, which may lead to security
issues on your site. You can see all the default allowed tags and
attributes at the top of this file:
https://github.com/WordPress/WordPress/blob/master/wp-includes/kses.php
If that doesn't really address the issue, go ahead and post your example
code or explain the issue further so we can test further.
Thanks for contributing to WordPress!
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42770#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
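
The comment above notes that allowing onclick through the wp_kses_allowed_html filter applies to every user. The following is an added example, not code from the ticket or from WordPress core, showing the broad form next to a narrower one. The callback name is hypothetical, and the choice of the 'post' context and the edit_theme_options capability are assumptions about how the site filters widget content and who manages widgets.

```php
<?php
/**
 * Added example (not WordPress core code): scope the onclick allowance
 * instead of granting it to every user whose HTML passes through kses.
 */

// Broad form, shown commented out for comparison: any role whose input is
// filtered in the 'post' context could store an inline click handler.
// add_filter( 'wp_kses_allowed_html', function ( $tags ) {
//     $tags['a']['onclick'] = true;
//     return $tags;
// } );

/**
 * Hypothetical callback name. Allows onclick on <a> only when:
 *  - the allowlist is being built for the 'post' context (assumed to be
 *    the context used when Custom HTML widget content is filtered), and
 *  - the user saving the content can already manage widgets.
 */
function example_scoped_onclick_allowance( $tags, $context ) {
	if ( 'post' !== $context ) {
		return $tags; // Comments and other contexts keep the defaults.
	}
	if ( ! current_user_can( 'edit_theme_options' ) ) {
		return $tags; // Authors and contributors keep the defaults.
	}
	if ( isset( $tags['a'] ) && is_array( $tags['a'] ) ) {
		$tags['a']['onclick'] = true;
	}
	return $tags;
}
add_filter( 'wp_kses_allowed_html', 'example_scoped_onclick_allowance', 10, 2 );
```

Allowing the attribute does not inspect the handler's value, so any user who passes the capability check can store arbitrary script in it.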