[wp-trac] [WordPress Trac] #47210: Allow html on site health titles and description
WordPress Trac
noreply at wordpress.org
Fri May 10 07:37:41 UTC 2019
#47210: Allow html on site health titles and description
-------------------------+--------------------------------------
 Reporter:  juliobox     |      Owner:  (none)
     Type:  enhancement  |     Status:  new
 Priority:  normal       |  Milestone:  Awaiting Review
Component:  Security     |    Version:  5.2
 Severity:  minor        |   Keywords:  needs-patch dev-feedback
  Focuses:               |
-------------------------+--------------------------------------
Hello there,
In /wp-admin/site-health-info.php#L115 we have this:
{{{
<?php echo esc_html( $details['label'] ); ?>
}}}
So we don't allow HTML content? Why!?
I propose the usage of wp_kses_* to allow clean HTML content.
Also, at line #141 we have this:
{{{
printf( '<p>%s</p>', $details['description'] );
}}}
We clearly allow any HTML, so I propose to sanitize using wp_kses_* too;
we don't want embed/iframe/script here, right?
Thank you for your feedback.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47210>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
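The change the ticket proposes, sketched as an added example (not code from the ticket or from WordPress core): both fields pass through `wp_kses()` with one explicit allow-list. The `$allowed` array and the sample `$details` values are constructed for illustration, and the snippet assumes WordPress is loaded, for instance when run with `wp eval-file`.

```php
<?php
// Added illustration; assumes WordPress is loaded so wp_kses() is available.

// Hypothetical allow-list: inline formatting and links only.
// Tags and attributes that are not listed here are stripped by wp_kses().
$allowed = array(
	'a'      => array(
		'href'  => true,
		'title' => true,
	),
	'code'   => array(),
	'em'     => array(),
	'strong' => array(),
);

// Constructed sample data standing in for one Site Health section.
$details = array(
	'label'       => 'Database <em>server</em><script>alert(1)</script>',
	'description' => 'See <a href="https://example.org/" onclick="x()">the docs</a>.'
		. '<iframe src="https://example.org/"></iframe>',
);

// Label: instead of esc_html(), which renders every tag as literal text,
// keep the allow-listed markup and drop the rest.
echo wp_kses( $details['label'], $allowed );

// Description: instead of printing the raw value, apply the same filter,
// so <iframe>, <embed>, <script> and event-handler attributes such as
// onclick never reach the page. href values are also checked against
// WordPress's allowed URL protocols.
printf( '<p>%s</p>', wp_kses( $details['description'], $allowed ) );

// Note: wp_kses() removes disallowed tags but keeps their inner text, so the
// body of a stripped <script> element is emitted as inert plain text.
// wp_kses_post() and wp_kses_data() apply WordPress's predefined allow-lists
// when a custom one is not needed.
```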