[wp-trac] [WordPress Trac] #45067: Add CSS URL sanitization to kses.

WordPress Trac noreply at wordpress.org
Fri Dec 14 01:40:55 UTC 2018


#45067: Add CSS URL sanitization to kses.
------------------------------------------------+---------------------
 Reporter:  peterwilsoncc                       |       Owner:  pento
     Type:  enhancement                         |      Status:  closed
 Priority:  normal                              |   Milestone:  5.0
Component:  Editor                              |     Version:
 Severity:  normal                              |  Resolution:  fixed
 Keywords:  has-patch has-unit-tests fixed-5.0  |     Focuses:
------------------------------------------------+---------------------
Changes (by pento):

 * owner:  (none) => pento
 * status:  new => closed
 * resolution:   => fixed


Comment:

 In [changeset:"44136" 44136]:
 {{{
 #!CommitTicketReference repository="" revision="44136"
 KSES: Allow `url()` to be used in inline CSS.

 The cover image block uses the `url()` function in its inline CSS, to show
 the cover image. KSES didn't allow this, causing the block to not save
 correctly for Author and Contributor users. As KSES does already check
 each attribute name against an allowed list, we're able to add an extra
 check for certain attributes to be able to use the `url()` function, too.

 Merges [43781] from the 5.0 branch to core.

 Props peterwilsoncc, azaozz, pento, dd32.
 Fixes #45067.
 }}}

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/45067#comment:18>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

