[wp-trac] [WordPress Trac] #62619: Remove `wp_kses_post()` filtering from admin notices

WordPress Trac noreply at wordpress.org
Fri Nov 29 19:14:31 UTC 2024


#62619: Remove `wp_kses_post()` filtering from admin notices
----------------------------+-------------------------
 Reporter:  azaozz          |      Owner:  (none)
     Type:  defect (bug)    |     Status:  new
 Priority:  normal          |  Milestone:  6.8
Component:  Administration  |    Version:  6.4
 Severity:  normal          |   Keywords:  needs-patch
  Focuses:                  |
----------------------------+-------------------------
 Follow-up to #57791.

 There are several reasons why KSES filtering is not appropriate/not needed
 for admin notices. As far as I see the top three are:

 1. KSES is designed to run only when filtering HTML on saving to the
 database. It is not suitable for use when displaying content as it is slow
 and cumbersome.
 2. The `wp_kses_post()` function is designed specifically to be used when
 post content is saved to the database. It is not suitable for anything
 else.
 3. The content of the admin notices is provided (hard-coded) by WordPress
 or by plugins. It doesn't make sense to limit the use of HTML in these
 notices.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/62619>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

