[wp-trac] [WordPress Trac] #47367: KSES: Update CSS properties considered safe for all users.

WordPress Trac noreply at wordpress.org
Sat Sep 21 18:35:35 UTC 2019


#47367: KSES: Update CSS properties considered safe for all users.
-------------------------------------------------+-------------------------
 Reporter:  peterwilsoncc                        |       Owner:  marybaum
     Type:  enhancement                          |      Status:  assigned
 Priority:  normal                               |   Milestone:  5.3
Component:  Editor                               |     Version:
 Severity:  normal                               |  Resolution:
 Keywords:  has-patch needs-refresh 2nd-opinion  |     Focuses:
  needs-unit-tests                               |
-------------------------------------------------+-------------------------

Comment (by azaozz):

 Replying to [comment:12 peterwilsoncc]:
 > This was done in #10336 back in the days of the browser wars, CSS hacks,
 > and IE6 support. @azaozz do you remember the nastiness you were trying to
 > avoid?

 That was... ten years ago! As far as I remember it was a security
 fix/hardening at the time. The code came from (then separate) WP
 Multisite.

 At the time there were quite a few possibilities for misuse, different for
 the different browsers and browser versions. Many of these "CSS features"
 have been removed since then, but some may still be around.

 If we want to remove the restriction, it seems we will need to add a lot more
 granular filtering for inline `style` attributes.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/47367#comment:14>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

