[wp-trac] [WordPress Trac] #45067: Add CSS URL sanitization to kses.
WordPress Trac
noreply at wordpress.org
Tue Oct 9 14:56:43 UTC 2018
#45067: Add CSS URL sanitization to kses.
----------------------------------------+---------------------
Reporter: peterwilsoncc | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: 5.0
Component: Editor | Version:
Severity: normal | Resolution:
Keywords: has-patch needs-unit-tests | Focuses:
----------------------------------------+---------------------
Comment (by azaozz):
Looking at the patch, it does:
{{{
$css_test_string = str_replace( $url_match, '', $css_test_string );
}}}
where `$url_match` is the actual URL. That leaves `background-image:
url()` in place which still triggers removal of the whole selector
afterwards. Updating.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/45067#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list