[wp-trac] [WordPress Trac] #60347: wp_kses breaking text fragments links
WordPress Trac
noreply at wordpress.org
Thu Jan 25 17:20:18 UTC 2024
#60347: wp_kses breaking text fragments links
--------------------------+-----------------------------
Reporter: asafm7 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version:
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
Hello.
It seems that wp_kses() (probably wp_kses_bad_protocol()) is breaking text
fragments links (https://developer.mozilla.org/en-
US/docs/Web/Text_fragments).
For example:
<a href="#:~:text=highlight>Link</a>
This issue became more prominent as recently ACF started escaping HTML
using the wp_kses() function
(https://www.advancedcustomfields.com/blog/acf-6-2-5-security-release/).
I confirmed the issue with ACF's support.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60347>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list