[wp-trac] [WordPress Trac] #37134: Allow filtering of safecss_filter_attr
WordPress Trac
noreply at wordpress.org
Wed Jun 3 20:01:10 UTC 2020
#37134: Allow filtering of safecss_filter_attr
-------------------------------------------------+-------------------------
 Reporter:  paulschreiber                        |       Owner:  adamsilverstein
     Type:  enhancement                          |      Status:  reopened
 Priority:  normal                               |   Milestone:  5.5
Component:  Formatting                           |     Version:  4.6
 Severity:  normal                               |  Resolution:
 Keywords:  kses has-patch has-unit-tests        |     Focuses:
            needs-dev-note                       |
-------------------------------------------------+-------------------------
Changes (by azaozz):
* status: closed => reopened
* resolution: fixed =>
Comment:
Having some "second thoughts" on this patch:
- (minor) The filter is for a regex, not "chars", perhaps the filter name
and the var name should mention that :)
- Allowing `(`, `)`, etc. can be done now, but it's still a potential
security breach. Thinking there should be at least some more documentation
on why these are not allowed by default, and what would be "safe" there.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/37134#comment:20>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform