[wp-trac] [WordPress Trac] #62619: Remove `wp_kses_post()` filtering from admin notices
WordPress Trac
noreply at wordpress.org
Fri Nov 29 19:14:31 UTC 2024
#62619: Remove `wp_kses_post()` filtering from admin notices
----------------------------+-------------------------
 Reporter:  azaozz          |      Owner:  (none)
     Type:  defect (bug)    |     Status:  new
 Priority:  normal          |  Milestone:  6.8
Component:  Administration  |    Version:  6.4
 Severity:  normal          |   Keywords:  needs-patch
  Focuses:                  |
----------------------------+-------------------------
Follow-up to #57791.

There are several reasons why KSES filtering is not appropriate/not needed
for admin notices. As far as I see the top three are:

1. KSES is designed to run only when filtering HTML on saving to the
database. It is not suitable for use when displaying content as it is slow
and cumbersome.

2. The `wp_kses_post()` function is designed specifically to be used when
post content is saved to the database. It is not suitable for anything
else.

3. The content of the admin notices is provided (hard-coded) by WordPress
or by plugins. It doesn't make sense to limit the use of HTML in these
notices.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/62619>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
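
An added example, not part of the ticket and not WordPress core code: a plugin admin notice that combines hard-coded markup with stored values, escaping each value at the point where it is inserted so the notice does not rely on a later KSES pass over the whole string. The `acme_` prefix, the `acme_failed_imports` option, the `acme-imports` page slug and the `acme` text domain are hypothetical.

```php
<?php
// Added illustration. All "acme" names below are hypothetical.
add_action( 'admin_notices', 'acme_failed_import_notice' );

function acme_failed_import_notice() {
	// Only show the notice to users who can act on it.
	if ( ! current_user_can( 'manage_options' ) ) {
		return;
	}

	// Stored data: these file names are not hard-coded, so treat them as untrusted.
	$failed = get_option( 'acme_failed_imports', array() );
	if ( ! is_array( $failed ) || empty( $failed ) ) {
		return;
	}

	// Escape each dynamic value for the HTML context it lands in.
	$items = '';
	foreach ( $failed as $file_name ) {
		$items .= '<li><code>' . esc_html( (string) $file_name ) . '</code></li>';
	}

	// Action link protected by a nonce; the URL is escaped for the href attribute.
	$retry_url = wp_nonce_url(
		admin_url( 'admin.php?page=acme-imports&action=retry' ),
		'acme_retry_imports'
	);

	// Hard-coded markup combined with values that are already escaped.
	$message = sprintf(
		'<p>%1$s</p><ul>%2$s</ul><p><a class="button" href="%3$s">%4$s</a></p>',
		esc_html__( 'These files could not be imported:', 'acme' ),
		$items,
		esc_url( $retry_url ),
		esc_html__( 'Retry import', 'acme' )
	);

	wp_admin_notice(
		$message,
		array(
			'type'           => 'warning',
			'paragraph_wrap' => false, // The message supplies its own block markup.
		)
	);
}
```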