[wp-trac] [WordPress Trac] #47367: KSES: Update CSS properties considered safe for all users.
WordPress Trac
noreply at wordpress.org
Sun Sep 22 21:07:54 UTC 2019
#47367: KSES: Update CSS properties considered safe for all users.
----------------------------------------+-----------------------
 Reporter:  peterwilsoncc               |       Owner:  marybaum
     Type:  enhancement                 |      Status:  assigned
 Priority:  normal                      |   Milestone:  5.3
Component:  Editor                      |     Version:
 Severity:  normal                      |  Resolution:
 Keywords:  has-patch needs-unit-tests  |     Focuses:
----------------------------------------+-----------------------
Changes (by peterwilsoncc):
 * keywords: has-patch needs-refresh 2nd-opinion needs-unit-tests => has-patch needs-unit-tests
Comment:
Replying to [comment:14 azaozz]:
> That was ...ten years ago! As far as I remember it was a security
> fix/hardening at the time. The code came from (then separate) WP
> Multisite.
>
> At the time there were quite a few possibilities for misuse, different
> for the different browsers and browser versions. Many of these "CSS
> features" have been removed since then, but some may still be around.
>
> If we want to remove the restriction, it seems we will need to add a lot
> more granular filtering for inline `style` attributes.

Thanks, I appreciate the help.

I've thought about this over the last 48 hours. Let's put it in, as even in
a limited form `grid` and `flex` are very helpful for using the block
editor to create interesting layouts. A complete lack of support may
result in plugin authors enabling `unfiltered_html` for all users, which is
problematic in itself.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/47367#comment:15>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform