[wp-trac] [WordPress Trac] #47367: KSES: Update CSS properties considered safe for all users.
WordPress Trac
noreply at wordpress.org
Sat Sep 21 18:35:35 UTC 2019
#47367: KSES: Update CSS properties considered safe for all users.
-------------------------------------------------+-------------------------
Reporter: peterwilsoncc | Owner: marybaum
Type: enhancement | Status: assigned
Priority: normal | Milestone: 5.3
Component: Editor | Version:
Severity: normal | Resolution:
Keywords: has-patch needs-refresh 2nd-opinion | Focuses:
needs-unit-tests |
-------------------------------------------------+-------------------------
Comment (by azaozz):
Replying to [comment:12 peterwilsoncc]:
> This was done in #10336 back in the days of the browser wars, CSS hacks,
> and IE6 support. @azaozz do you remember the nastiness you were trying to
> avoid?

That was... ten years ago! As far as I remember it was a security
fix/hardening at the time. The code came from (then separate) WP
Multisite.

At the time there were quite a few possibilities for misuse, different for
the different browsers and browser versions. Many of these "CSS features"
have been removed since then, but some may still be around.

If we want to remove the restriction, it seems we will need to add a lot more
granular filtering for inline `style` attributes.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47367#comment:14>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform