[wp-trac] [WordPress Trac] #58366: Shortcode Support Regained but Content Filters are messing with Shortcode HTML

Mon Dec 4 01:50:07 UTC 2023

#58366: Shortcode Support Regained but Content Filters are messing with Shortcode
HTML
-------------------------------------------------+-------------------------
 Reporter:  domainsupport                        |       Owner:  (none)
     Type:  defect (bug)                         |      Status:  new
 Priority:  normal                               |   Milestone:  6.5
Component:  Shortcodes                           |     Version:  6.2.2
 Severity:  normal                               |  Resolution:
 Keywords:  needs-testing has-testing-info       |     Focuses:
  needs-unit-tests has-patch                     |
-------------------------------------------------+-------------------------

Comment (by samuel1337):

 Replying to [comment:62 peterwilsoncc]:

 Based on the fixes. Why don't we put the break lines within the HTML tags?
 As a User, I still want the HTML tags if newline exists within the HTML
 tags. Especially within the Gutenberg Shortcode Blocks.

 I put this issue a couple of days ago:
 https://github.com/WordPress/gutenberg/issues/56617

 > Replying to [comment:61 ryno267]:
 > > @nicolefurlan I object! ;)  It feels like an important issue with a
 working hack but I understand dev cycles and making releases. I just
 really hope it doesn't miss 6.5...
 >
 > At the moment [attachment:"58366-poc.diff"] is available as a proof of
 concept but needs further testing to validate it fixes the issue with line
 breaks.
 >
 > If it proves successful, I'll work on a pull request to get the code in
 a form that is ready for commit (the POC is really, really hacky).
 >
 > As getting this right has proven difficult, I agree with @nicolefurlan
 that getting this in to the 6.4 cycle is best avoided with the release
 candidate due next week.
 >
 > It would be helpful to get some testing of the POC, these are some of
 the things that need to be tested:
 >
 > * short codes are not executed in user submitted content (comments and
 other form data)
 > * that it resolves the issue with line-breaks being stripped from
 shortcodes in block themes and replaced with HTML tags
 > * paragraph and line break tags are not added inappropriately around the
 shortcode
 > * content is not stripped for users without the `unfiltered_html`
 capability
 >
 > I really would like to get this fix in but getting the POC validated,
 converting it to a suitable patch and writing up unit tests within the
 week is not possible.
 >
 > If a few folks could test [attachment:"58366-poc.diff"] and see if it
 solves the problems without reintroducing the security issues that would
 be most helpful.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/58366#comment:65>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform