WordPress.org

Make WordPress Core

Opened 2 years ago

Last modified 19 months ago

#17847 new defect (bug)

wp_kses_hair is too stringent

Reported by: jorbin Owned by:
Priority: normal Milestone: Awaiting Review
Component: Formatting Version: 1.5
Severity: normal Keywords: has-patch
Cc:

Description

attributes from custom xml name spaces may use colons, but the regex used inside wp_kses_hair doesn't allow them through.

Attachments (1)

18320.diff (577 bytes) - added by jorbin 2 years ago.

Download all attachments as: .zip

Change History (5)

jorbin2 years ago

comment:1 nacin2 years ago

  • Component changed from Security to Formatting

Can you provide some test cases as to what these attributes look like?

comment:2 jorbin2 years ago

addthis:url is one example

comment:3 johnbillion2 years ago

Google Products is one too, using g:* for many attributes in their product data feeds.

comment:4 kurtpayne19 months ago

  • Version set to 1.5
Note: See TracTickets for help on using tickets.