[wp-trac] [WordPress Trac] #53156: Add 'main' tag to kses
WordPress Trac
noreply at wordpress.org
Tue May 4 20:46:07 UTC 2021
#53156: Add 'main' tag to kses
--------------------------+-----------------------------
Reporter: glendaviesnz | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: trunk
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
Gutenberg recently added the `main` tag as a wrapper option for the group
block for accessibility reasons
(https://github.com/WordPress/gutenberg/pull/28576).
This tag is not currently included in `$allowedposttags` in `wp-
includes/kses.php`, so if this tag is selected by a user without
`unfiltered_html` rights it is stripped from the content on save and the
block invalidates when the post/page is reloaded.
To replicate the issue this causes:
- In an WP env with Gutenberg plugin installed add a user with author
permissions
- Log in as that user and add a group block and set the wrapper as main
under Advanced settings
- Save the post and reload
There don't seem to be any security implications with adding this tag to
`$allowedposttags`, and is probably only missing as it wouldn't have
existed when this list was first created.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/53156>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list