[wp-trac] [WordPress Trac] #61719: WP_HTML_Tag_Processor doesn't allow to set a valid image src
WordPress Trac
noreply at wordpress.org
Thu Aug 1 19:43:35 UTC 2024
#61719: WP_HTML_Tag_Processor doesn't allow to set a valid image src
--------------------------+------------------------------
Reporter: ivanzhuck | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: HTML API | Version: 6.6
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
--------------------------+------------------------------
Comment (by dmsnell):
Noting here since my comment from Github didn't come over. Thanks for the
patch @amitraj2203.
I prefer that we reject this patch as proposed, which provides a way to
avoid attribute escaping, and change it so that //when// WordPress rejects
an attribute update, that the function returns `false` to indicate as
much.
In time, I hope to remove all `esc_` functions from the core HTML API with
a much better design for sanitization, so for now I think it's best if we
stay minimal and do all we can to avoid blurring parsing and sanitization.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/61719#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list