[wp-trac] [WordPress Trac] #55407: Allow case-insensitive elements for KSES
WordPress Trac
noreply at wordpress.org
Wed Mar 16 23:54:44 UTC 2022
#55407: Allow case-insensitive elements for KSES
----------------------------------------+---------------------
Reporter: r-a-y | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 6.0
Component: Formatting | Version:
Severity: normal | Resolution:
Keywords: has-patch needs-unit-tests | Focuses:
----------------------------------------+---------------------
Comment (by peterwilsoncc):
The proposed patch is problematic in that it will make KSES case
sensitive.
Consider the HTML `<DIV CLASS="55407"></DIV>`: the first altered line
removes `strtolower()` from the check of allowed elements. This will cause
a false negative and result in the element being removed.
See https://3v4l.org/5X0OJ for an example of the difference.
In its current form, KSES will maintain the case in which the element is
entered.
{{{
<DIV class="55407">Some div</DIV>
<Not-Allowed>Not Allowed element</Not-AlloWed>
}}}
Is stored in the database as
{{{
<DIV class="55407">Some div</DIV>
Not Allowed element
}}}
Elements added to the allowed HTML array or via the appropriate filter do
need to be in lowercase. I think this needs to remain the case as the
allowed HTML shouldn't contain the same element in different cases, e.g.
{{{#!php
<?php
$allowed_html = [
    'div' => [ /* etc */ ],
    'DIV' => [ /* etc */ ],
];
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/55407#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
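
Added example, not part of the ticket or of WordPress core: a simplified tag
filter (hypothetical `demo_*` functions, no attribute filtering) that runs the
comment's sample HTML through the allowed-element lookup with and without
`strtolower()`, plus a check that flags non-lowercase keys in an allowed-HTML
array.

```php
<?php
// Illustration only; the demo_* names are hypothetical, not WordPress APIs.

/**
 * Remove tags whose element name is not a key of $allowed.
 * With $fold_case = true the name is lowercased for the lookup only and the
 * tag is emitted in the case it was entered; with false the raw name is used.
 */
function demo_filter_tags(string $html, array $allowed, bool $fold_case): string
{
    return preg_replace_callback(
        '%</?([a-zA-Z][a-zA-Z0-9-]*)[^>]*>%',
        function (array $m) use ($allowed, $fold_case): string {
            $lookup = $fold_case ? strtolower($m[1]) : $m[1];
            return isset($allowed[$lookup]) ? $m[0] : '';
        },
        $html
    ) ?? ''; // fail closed if the regex engine reports an error
}

/** Return the keys of an allowed-HTML array that are not lowercase. */
function demo_nonlowercase_keys(array $allowed): array
{
    return array_values(array_filter(
        array_keys($allowed),
        fn ($key) => is_string($key) && $key !== strtolower($key)
    ));
}

// Constructed input, taken from the sample in the comment above.
$allowed = ['div' => ['class' => true]];
$input   = '<DIV class="55407">Some div</DIV>' . "\n"
         . '<Not-Allowed>Not Allowed element</Not-AlloWed>';

// Lookup folded to lowercase: <DIV> matches 'div' and keeps its entered case.
echo demo_filter_tags($input, $allowed, true), "\n\n";

// Lookup without strtolower(): <DIV> misses the 'div' key and is stripped.
echo demo_filter_tags($input, $allowed, false), "\n\n";

// An array mixing 'div' and 'DIV' is reported so it can be normalised.
print_r(demo_nonlowercase_keys(['div' => [], 'DIV' => []]));
```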