[wp-trac] [WordPress Trac] #45067: Add CSS URL sanitization to kses.
WordPress Trac
noreply at wordpress.org
Mon Oct 22 04:03:10 UTC 2018
#45067: Add CSS URL sanitization to kses.
--------------------------------------+---------------------
Reporter: peterwilsoncc | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: 5.0
Component: Editor | Version:
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests | Focuses:
--------------------------------------+---------------------
Comment (by pento):
In [changeset:"43781" 43781]:
{{{
#!CommitTicketReference repository="" revision="43781"
KSES: Allow `url()` to be used in inline CSS.
The cover image block uses the `url()` function in its inline CSS, to show
the cover image. KSES didn't allow this, causing the block to not save
correctly for Author and Contributor users. As KSES does already check
each attribute name against an allowed list, we're able to add an extra
check for certain attributes to be able to use the `url()` function, too.
Props peterwilsoncc, azaozz, pento, dd32.
See #45067.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/45067#comment:16>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list