[wp-trac] [WordPress Trac] #54488: wp_filter_nohtml_kses does not remove HTML comments
WordPress Trac
noreply at wordpress.org
Mon Nov 22 09:42:10 UTC 2021
#54488: wp_filter_nohtml_kses does not remove HTML comments
--------------------------+-----------------------------
Reporter: leewillis77 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: trunk
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
The documentation states that `wp_filter_nohtml_kses()`
"Strips all HTML from a text string."
However, in reality, HTML comments are preserved. This seems to be an
explicit choice (wp_kses_split2() - L1083 of wp-includes/kses.php) but
seems at odds with the documentation, and also with the expectations of a
function named "nohtml".
Expected behaviour
{{{
wp> wp_filter_nohtml_kses('<!-- comment -->This is not a comment');
=> string(21) "This is not a comment"
}}}
Actual behaviour
{{{
wp> wp_filter_nohtml_kses('<!-- comment -->This is not a comment');
=> string(37) "<!-- comment -->This is not a comment"
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/54488>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
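
A wrapper for callers who need the "strips all HTML" result described in the ticket, as an added example (not from the ticket and not WordPress core code): it removes HTML comments before calling `wp_filter_nohtml_kses()` and fails closed if a comment opener survives. It assumes WordPress is loaded (plugin, theme or `wp shell`); `example_nohtml_no_comments()` is a hypothetical name and the sample inputs are constructed.

```php
<?php
/**
 * Added example, not WordPress core code. Assumes WordPress is loaded.
 * example_nohtml_no_comments() is a hypothetical helper name.
 *
 * Takes slashed input and returns slashed output, like
 * wp_filter_nohtml_kses() itself.
 */
function example_nohtml_no_comments( $data ) {
	// Work on the unslashed string so the pattern sees the real markup.
	$text = stripslashes( $data );

	// Remove comments, including an unterminated "<!--" that runs to the
	// end of the string. Loop, because removing one comment can join the
	// text on either side of it into a new "<!--" sequence.
	do {
		$before = $text;
		$text   = preg_replace( '/<!--.*?(?:-->|\z)/s', '', $text );
	} while ( null !== $text && $text !== $before );

	if ( null === $text ) {
		return ''; // PCRE error (for example the backtrack limit): fail closed.
	}

	// Let kses strip the remaining tags.
	$clean = wp_filter_nohtml_kses( addslashes( $text ) );

	// Fail closed if a comment opener is still present after filtering.
	return ( false === strpos( $clean, '<!--' ) ) ? $clean : '';
}

// Constructed sample inputs: the ticket's case, a comment that only forms
// after an inner comment is removed, and a comment that is never closed.
$samples = array(
	'<!-- comment -->This is not a comment',
	'<!-<!-- inner -->- outer -->text',
	'visible<!-- never closed',
);
foreach ( $samples as $sample ) {
	var_dump( example_nohtml_no_comments( addslashes( $sample ) ) );
}
```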