[wp-trac] [WordPress Trac] #61052: WP_KSES data attributes: Allow double dash
WordPress Trac
noreply at wordpress.org
Mon Jun 3 13:24:42 UTC 2024
#61052: WP_KSES data attributes: Allow double dash
-------------------------------------------------+-------------------------
Reporter: cbravobernal | Owner: dmsnell
Type: enhancement | Status: closed
Priority: normal | Milestone: 6.6
Component: Security | Version: 6.5
Severity: normal | Resolution: fixed
Keywords: has-patch has-unit-tests needs- | Focuses:
testing dev-feedback |
-------------------------------------------------+-------------------------
Changes (by dmsnell):
* owner: (none) => dmsnell
* status: new => closed
* resolution: => fixed
Comment:
In [changeset:"58294" 58294]:
{{{
#!CommitTicketReference repository="" revision="58294"
KSES: Allow leading trailing double hyphen in data attributes
Expand allowable set of custom data attribute names to include those
containing
leading, trailing, and double `-` characters. Previously, WordPress was
removing data attributes that are used in the Interactivity API. By
allowing
these additional custom data attributes, the related Interactivity API
directives will preserve through `kses`.
For example, the Interactivity API frequently relies on custom data
attributes
such as `data-wp-on--click="..."`. The change in [43981] would strip these
out
of the processed HTML, however.
Developed in https://github.com/WordPress/wordpress-develop/pull/6598
Discussed in https://core.trac.wordpress.org/ticket/61052
Props cbravobernal, dmsnell, gziolo, jonsurrell.
Follow-up to [43981].
Fixes #61052.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/61052#comment:30>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list