[wp-trac] [WordPress Trac] #43215: Allow wp_kses to pass allowed CSS properties
WordPress Trac
noreply at wordpress.org
Sat Jan 25 09:13:15 UTC 2025
#43215: Allow wp_kses to pass allowed CSS properties
-----------------------------+------------------------------
Reporter: mclaurent | Owner: (none)
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 4.9.2
Severity: normal | Resolution:
Keywords: | Focuses:
-----------------------------+------------------------------
Comment (by davidtheplumber):
Replying to [comment:1 davidtheplumber]:
> Extend wp_kses to Accept Inline Styles Locally
> Modify wp_kses to support an added level of depth in its configuration,
> allowing you to specify attributes and their allowed values for individual
> HTML elements:
>
> {{{
> $allowed_output_html = array(
> 'script' => array(),
> 'noscript' => array(),
> 'iframe' => array(
> 'src' => array(),
> 'width' => array(),
> 'height' => array(),
> 'style' => array(
> 'allowed_properties' => array('display', 'visibility'),
> ),
> ),
> );
>
> $google_tag_manager_noscript = <<<ENDSTRING
> <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=123"
> height="0" width="0"
> style="display:none;visibility:hidden"></iframe></noscript>
> ENDSTRING;
>
> echo custom_wp_kses($google_tag_manager_noscript, $allowed_output_html,
> $allowed_output_protocol);
>
> // Extend wp_kses to parse the "style" key with allowed properties
> function custom_wp_kses($string, $allowed_html, $allowed_protocols) {
> // Parse allowed "style" properties within `wp_kses`.
> // Add your logic for inline styles per element here.
> // Ensure this doesn't modify WordPress core functionality globally.
> }
>
> }}}
This works.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43215#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
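
The per-element `allowed_properties` idea from the comment above, sketched as an added example that is not part of the ticket or of WordPress core. `example_filter_style_attr()` is a hypothetical standalone helper, and accepting only plain keyword values is an assumption that fits `display` and `visibility`.

```php
<?php
/**
 * Hypothetical helper (not WordPress core): keep only the CSS declarations
 * whose property name appears in $allowed_properties.
 */
function example_filter_style_attr(string $style, array $allowed_properties): string {
    $allowed = array_map('strtolower', $allowed_properties);
    $kept    = array();

    foreach (explode(';', $style) as $declaration) {
        // Split "property: value" on the first colon only.
        $parts = explode(':', $declaration, 2);
        if (count($parts) !== 2) {
            continue;
        }
        $property = strtolower(trim($parts[0]));
        $value    = trim($parts[1]);

        // Drop properties that are not on the per-element allowlist.
        if (!in_array($property, $allowed, true)) {
            continue;
        }
        // Assumption: accept only simple keyword values (letters and hyphens).
        // This one rule rejects url(), expression(), escapes, comments and quotes.
        if (!preg_match('/^[a-z-]+$/i', $value)) {
            continue;
        }
        $kept[] = $property . ':' . strtolower($value);
    }
    return implode(';', $kept);
}

// The 'style' entry from the ticket's iframe configuration.
$allowed_properties = array('display', 'visibility');

// Constructed sample inputs: the style from the ticket's snippet, then a
// variant carrying a disallowed property and a non-keyword value.
$samples = array(
    'display:none;visibility:hidden',
    'display:none; position:fixed; visibility:url(https://example.invalid/x)',
);

foreach ($samples as $style) {
    echo example_filter_style_attr($style, $allowed_properties), PHP_EOL;
}
```

The allowlist is applied per call, so a caller can pass a different property list for each element without changing a site-wide setting.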