[wp-trac] [WordPress Trac] #47283: Strip inline JS and CSS while trying to figure out the pingback context
WordPress Trac
noreply at wordpress.org
Wed May 15 18:19:06 UTC 2019
#47283: Strip inline JS and CSS while trying to figure out the pingback context
------------------------------+-----------------------------
Reporter: david.binda | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Pings/Trackbacks | Version:
Severity: normal | Keywords:
Focuses: |
------------------------------+-----------------------------
When testing the pingbacks on PHP 7.3, we run into a backward
compatibility issue with `strip_tags` ( see
https://bugs.php.net/bug.php?id=78003 ) which made me look into the
implementation of the context lookup for the pingback link.
When using the `strip_tags` with whitelisted `<a>` element ( see
https://core.trac.wordpress.org/browser/trunk/src/wp-includes/class-wp-
xmlrpc-server.php?rev=45310#L6805 ), we are still getting a lot of inline
CSS and JS in the output which needs to be checked. I believe that it
would make the implementation more reliable (and it would have actually
prevented the PHP bug mentioned above from breaking the stuff) if the
inline CSS and JS content would be removed.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47283>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list