[wp-trac] [WordPress Trac] #30421: Add ARIA attributes to globally permitted HTML attributes in kses
WordPress Trac
noreply at wordpress.org
Tue Mar 14 23:08:18 UTC 2017
#30421: Add ARIA attributes to globally permitted HTML attributes in kses
-------------------------------------+-------------------------------------
Reporter: jwenerd | Owner: jorbin
Type: enhancement | Status: assigned
Priority: normal | Milestone: Future Release
Component: Formatting | Version:
Severity: normal | Resolution:
Keywords: kses early has-unit- | Focuses: accessibility,
tests needs-testing needs-patch | administration
-------------------------------------+-------------------------------------
Changes (by jeremyfelt):
* keywords: kses early has-patch has-unit-tests needs-testing => kses
early has-unit-tests needs-testing needs-patch
Comment:
I did a bit of poking around and wasn't able to find any examples of
attacks using these attributes.
It sounds like to move forward this ticket needs a patch that adds `aria-
describedby`, `aria-label`, `aria-labelledby`, and `aria-hidden` to the
list of allowed post tags in kses. It should probably also add to the
allowed tags for TinyMCE too.
Heavy +1 btw. A plugin in the meantime: https://wordpress.org/plugins
/allow-aria-attributes/ :)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/30421#comment:27>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list