[wp-trac] [WordPress Trac] #56118: Exception to escapement: Exported or imported data

WordPress Trac noreply at wordpress.org
Fri Jul 1 02:21:19 UTC 2022

#56118: Exception to escapement: Exported or imported data
 Reporter:  anrghg       |      Owner:  (none)
     Type:  feature      |     Status:  new
  request                |
 Priority:  normal       |  Milestone:  Awaiting Review
Component:  Export       |    Version:
 Severity:  major        |   Keywords:  needs-docs dev-feedback needs-dev-
  Focuses:  docs         |  note
 JSON data echoed for download as in
 cannot be escaped using `wp_kses()`. I’m opening this ticket for
 documentation purposes.

 `wp_kses()` calls `wp_kses_split()`, that calls
 `_wp_kses_split_callback()`, that calls `wp_kses_split2()`
 And the first thing `wp_kses_split2()` does is to “fix” the data by
 calling `wp_kses_stripslashes()`, that strips backslashes from in front of
 double quotes
 (https://docs.classicpress.net/reference/functions/wp_kses_split2/ and
 and thus breaks JSON.

 Anyway, cxported data is expected to truly mirror the existing data, so
 there seems to be no way to escape anything here when echoing for

 The same holds true when importing data as in

 For PHPCS, such instances need to be whitelisted and I’m held accountable
 for linking to relevant documentation acknowledging the exceptions.

Ticket URL: <https://core.trac.wordpress.org/ticket/56118>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list