Make WordPress Core

Changeset 53034


Ignore:
Timestamp:
03/31/2022 03:52:31 AM (2 years ago)
Author:
peterwilsoncc
Message:

KSES: Document HTML allow list is in lowercase.

Expand documentation of the wp_kses_allowed_html hook to indicate that developers must add permitted HTML tags and attributes in lowercase for KSES to recognise they are permitted.

Props r-a-y, SergeyBiryukov, peterwilsoncc.
Fixes #55407.
See #53399.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/kses.php

    r52969 r53034  
    821821         * Filters the HTML tags that are allowed for a given context.
    822822         *
     823         * HTML tags and attribute names are case-insensitive in HTML but must be
     824         * added to the KSES allow list in lowercase. An item added to the allow list
     825         * in upper or mixed case will not recognized as permitted by KSES.
     826         *
    823827         * @since 3.5.0
    824828         *
Note: See TracChangeset for help on using the changeset viewer.