Make WordPress Core


Ignore:
Timestamp:
10/22/2018 04:03:07 AM (6 years ago)
Author:
pento
Message:

KSES: Allow url() to be used in inline CSS.

The cover image block uses the url() function in its inline CSS, to show the cover image. KSES didn't allow this, causing the block to not save correctly for Author and Contributor users. As KSES does already check each attribute name against an allowed list, we're able to add an extra check for certain attributes to be able to use the url() function, too.

Props peterwilsoncc, azaozz, pento, dd32.
See #45067.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/5.0/tests/phpunit/tests/shortcode.php

    r42838 r43781  
    493493            ),
    494494            array(
    495                 '<div style="background:url([[gallery]])">',
    496                 '<div style="background:url([[gallery]])">',
     495                '<div style="selector:url([[gallery]])">',
     496                '<div style="selector:url([[gallery]])">',
    497497            ),
    498498            array(
Note: See TracChangeset for help on using the changeset viewer.