[wp-trac] [WordPress Trac] #44044: $allowed_tags and $allowed_protocols in wp_privacy_generate_personal_data_export_group_html not filterable.

WordPress Trac noreply at wordpress.org
Fri Mar 8 21:51:06 UTC 2019 

#44044: $allowed_tags and $allowed_protocols  in
wp_privacy_generate_personal_data_export_group_html not filterable.
---------------------------------------------+-----------------------------
 Reporter:  TZ Media                         |       Owner:  garrett-
                                             |  eclipse
     Type:  enhancement                      |      Status:  assigned
 Priority:  normal                           |   Milestone:  5.2
Component:  Privacy                          |     Version:  4.9.6
 Severity:  normal                           |  Resolution:
 Keywords:  has-patch has-unit-tests commit  |     Focuses:
---------------------------------------------+-----------------------------
Changes (by desrosj):

 * keywords:  has-patch has-unit-tests dev-feedback => has-patch has-unit-
     tests commit


Comment:

 @birgire Thanks for the refresh. I can't reproduce the test failures that
 I was seeing previously when I reached out in Slack, so this is looking
 good.

 I can't think of any edge cases we need to be overly concerned with.

 In the current state, here is the sequence of events:
 - An explicit list of allowed markup and attribute combinations are passed
 to `wp_kses()` in `wp_privacy_generate_personal_data_export_group_html()`.
 - The string is passed through the `pre_kses` filter with the list of
 allowed HTML and protocols.
 - No further filters.

 With the proposed changes:
 - The `wp_kses_allowed_html` filter would be run on the list of allowed
 HTML tags after `pre_kses` with the context of `personal_data_export`.

 The only edge case that I can think of is if someone was explicitly
 checking for the specific list of tags and attributes passed in
 `wp_privacy_generate_personal_data_export_group_html()` with `pre_kses`.
 But, this scenario would have been affecting plugins and themes that
 happened to be passing the same list of allowed tags.

 This change is beneficial because it allows the tags allowed in this
 specific context is now possible. Which, should be the encouraged way to
 filter the allowed tags.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/44044#comment:33>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list