[wp-trac] [WordPress Trac] #46889: kses allow data: protocol in wp_allowed_protocols
WordPress Trac
noreply at wordpress.org
Fri Apr 12 07:32:30 UTC 2019
#46889: kses allow data: protocol in wp_allowed_protocols
-------------------------+-----------------------------
Reporter: nextendweb | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords:
Focuses: |
-------------------------+-----------------------------
It is getting common to use inline base64 encoded images to minimalize
request count. It would be great if WordPress' kses would allow to use the
data: protocol in src attributes.
Example where the data: protocol get removed:
{{{#!php
<?php
echo wp_kses_post('<img
src="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZlcnNpb249IjEuMCIgd2lkdGg9IjEyMDAiIGhlaWdodD0iNjAwIiA+PC9zdmc+"
alt="Slider" />');
}}}
Suggested code change:
{{{#!php
<?php
function wp_allowed_protocols() {
static $protocols = array();
if ( empty( $protocols ) ) {
$protocols = array( 'http', 'https', 'ftp', 'ftps',
'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms',
'rtsp', 'svn', 'tel', 'fax', 'xmpp', 'webcal', 'urn', 'data');
}
if ( ! did_action( 'wp_loaded' ) ) {
/**
* Filters the list of protocols allowed in HTML
attributes.
*
* @since 3.0.0
*
* @param array $protocols Array of allowed protocols e.g.
'http', 'ftp', 'tel', and more.
*/
$protocols = array_unique( (array) apply_filters(
'kses_allowed_protocols', $protocols ) );
}
return $protocols;
}
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/46889>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list