[wp-trac] [WordPress Trac] #48873: CSS Selectors in style tags containing greater than signs are escaped
WordPress Trac
noreply at wordpress.org
Wed Dec 4 09:25:24 UTC 2019
#48873: CSS Selectors in style tags containing greater than signs are escaped
--------------------------+-----------------------------
Reporter: bfintal | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 5.3
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
If you have unfiltered html disallowed, and you have in your content a
style tag with a `>` selector, the selector will be escaped into `>`
preventing the CSS from working.
I've used the `wp_kses_allowed_html` filter to allow `style` tags in
wp_kses.
I also have this defined to disallow unfiltered html:
{{{
define( 'DISALLOW_UNFILTERED_HTML', true );
}}}
Sample content:
{{{
<style>
body > header {
background: red;
}
</style>
}}}
Saving this with unfiltered html disallowed would result in:
{{{
<style>
body > header {
background: red;
}
</style>
}}}
Since it's escaped, the CSS stops working.
I don't think there's a way to allow allow `>` signs in `<style>` tags.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/48873>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list