Make WordPress Core

06/22/2020 05:24:34 PM (4 years ago)

General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.

“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”

With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the $new_whitelist_options global variable) are removed. A new ticket has been opened to explore renaming the $new_whitelist_options variable (#50434).

Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.

Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.

Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.

1 edited


  • trunk/src/wp-includes/kses.php

    r48104 r48121  
    17211721 *
    17221722 * This function processes URL protocols, checks to see if they're in the
    1723  * whitelist or not, and returns different data depending on the answer.
     1723 * list of allowed protocols or not, and returns different data depending
     1724 * on the answer.
    17241725 *
    17251726 * @access private
    17271728 * @since 1.0.0
    17281729 *
    1729  * @param string   $string            URI scheme to check against the whitelist.
     1730 * @param string   $string            URI scheme to check against the list of allowed protocols.
    17301731 * @param string[] $allowed_protocols Array of allowed URL protocols.
    17311732 * @return string Sanitized content.
    17731774    $string = str_replace( '&', '&', $string );
    1775     // Change back the allowed entities in our entity whitelist.
     1776    // Change back the allowed entities in our list of allowed entities.
    17761777    if ( 'xml' === $context ) {
    17771778        $string = preg_replace_callback( '/&([A-Za-z]{2,8}[0-9]{0,2});/', 'wp_kses_xml_named_entities', $string );
    19131914 * This function decodes numeric HTML entities (`A` and `A`).
    19141915 * It doesn't do anything with named entities like `ä`, but we don't
    1915  * need them in the URL protocol whitelisting system anyway.
     1916 * need them in the allowed URL protocols system anyway.
    19161917 *
    19171918 * @since 1.0.0
Note: See TracChangeset for help on using the changeset viewer.