[wp-trac] [WordPress Trac] #44988: The sanitize_html_class() is deceptive / "buggy"
WordPress Trac
noreply at wordpress.org
Sun Oct 4 00:55:32 UTC 2020
#44988: The sanitize_html_class() is deceptive / "buggy"
----------------------------+------------------------------
Reporter: ChiefAlchemist | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Formatting | Version: 4.9.6
Severity: normal | Resolution:
Keywords: | Focuses:
----------------------------+------------------------------
Comment (by davidwebca):
Hello! I came here searching about the escaping mecanism for classes added
through the menu items in the admin. I found myself surprised to see
colons being removed altogether. With the prevalence and popularity of
tailwindcss.com, we should maybe reconsider what is allowed as a special
character in the sanitize_html_class and it could be part of the same
discussion you guys have been having for quite a while. Here's an
additional link about the specificity of what is "allowed" in CSS.
https://mathiasbynens.be/notes/css-escapes
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44988#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list