[wp-trac] [WordPress Trac] #56391: safecss_filter_attr(): support rgba background-color
WordPress Trac
noreply at wordpress.org
Tue Aug 16 15:18:23 UTC 2022
#56391: safecss_filter_attr(): support rgba background-color
--------------------------+-----------------------------
Reporter: wildworks | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: trunk
Severity: normal | Keywords: has-patch
Focuses: |
--------------------------+-----------------------------
This ticket allows rgba-valued background-color in `safecss_filter_attr`.
It was (https://github.com/WordPress/gutenberg/issues/39402) in Gutenberg
that triggered this ticket.
In RichText, when an inline text color is specified, a transparent
background color style (`background-color:rgba(0, 0, 0, 0)`) is generated
at the same time.
This is to disable the browser's default style (yellow for Chrome), since
highlighted text is wrapped with a mark tag.
However, this background color is sanitized by `wp_kes_post`, and the
browser's default style is restored.
This ticket proposes to allow `rgba` values only for `background-color`.
Please check with the additions to the Unit Test to see what values are
allowed.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56391>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list