[wp-trac] [WordPress Trac] #43215: Allow wp_kses to pass allowed CSS properties
WordPress Trac
noreply at wordpress.org
Thu Jan 16 07:13:03 UTC 2025
#43215: Allow wp_kses to pass allowed CSS properties
-----------------------------+------------------------------
 Reporter:  mclaurent        |       Owner:  (none)
     Type:  feature request  |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Security         |     Version:  4.9.2
 Severity:  normal           |  Resolution:
 Keywords:                   |     Focuses:
-----------------------------+------------------------------
Comment (by davidtheplumber):
Create a wrapper function for wp_kses that sets and removes custom filters
for safe_style_css during its execution:
{{{
function wp_kses_with_temp_styles($string, $allowed_html, $allowed_protocols, $temp_styles) {
    // Keep a reference to the callback so that only this filter is removed afterwards.
    $add_temp_styles = function($styles) use ($temp_styles) {
        return array_merge($styles, $temp_styles);
    };
    add_filter('safe_style_css', $add_temp_styles);
    $output = wp_kses($string, $allowed_html, $allowed_protocols);
    // Clean up to prevent global impact. remove_all_filters() would also drop
    // safe_style_css callbacks registered by other code, so remove only ours.
    remove_filter('safe_style_css', $add_temp_styles);
    return $output;
}

$allowed_output_html = array(
    'script'   => array(),
    'noscript' => array(),
    'iframe'   => array(
        'src'    => array(),
        'width'  => array(),
        'height' => array(),
        'style'  => array(),
    ),
);

// Not defined in the original snippet; WordPress's default protocol list is used here.
$allowed_output_protocol = wp_allowed_protocols();

$google_tag_manager_noscript = <<<ENDSTRING
<noscript><iframe src="https://www.googletagmanager.com/ns.html?id=123"
height="0" width="0"
style="display:none;visibility:hidden"></iframe></noscript>
ENDSTRING;

echo wp_kses_with_temp_styles($google_tag_manager_noscript, $allowed_output_html, $allowed_output_protocol, ['display', 'visibility']);
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43215#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform