Opened 15 years ago
Closed 11 years ago
#10151 closed enhancement (fixed)
HTML5 <video> elements stripped in kses.php
Reported by: | GChriss | Owned by: | ryan |
---|---|---|---|
Milestone: | 3.6 | Priority: | normal |
Severity: | normal | Version: | 2.8 |
Component: | Security | Keywords: | has-patch |
Focuses: | Cc: |
Description
WordPress currently strips the new HTML5 <video> element as it is unrecognized. The attached patch allows <video> passthrough in postings and comments.
Hopefully this patch (or a derivative) could be incorporated into WordPress proper.
Attachments (1)
Change History (17)
#1
@
15 years ago
- Component changed from Comments to Security
- Keywords needs-patch added
- Milestone changed from Unassigned to 2.9
- Owner set to ryan
- Type changed from defect (bug) to enhancement
I'm 100% certain we don't wan't porn and spamercials in comments.
#2
@
15 years ago
- Keywords <video> video HTML5 removed
<video> should be preserved only in postings IMO... allow posting videos in comment is dangerous.
#7
@
15 years ago
- Cc blizzard@… added
This probably needs to support the source elements as well, so we can build in fallbacks for safari, firefox, IE, etc. You need the source element to be able to do that.
Our biggest problem is that the wysiwyg editor strips out <video> tags which makes it hard for people to edit posts without a lot of technical experience. Will this bug help with that? (I'm not sure what role kses.php plays in that.)
#8
@
15 years ago
It's not hard to stop TinyMCE stripping <video>, <audio> and other new HTML 5.0 tags. The problem is what would the browsers show in the contentEditable
iframe and would that bring any security problems. KSES is the backend HTML safety filter.
#11
@
14 years ago
- Cc GeekShadow added
What's up on this bug ? It would be good to be able to put both <audio> and <video> without them to be removed in TinyMCE !
#13
@
14 years ago
- Cc GChriss added
comment:2 raises the issue of trusted repositories, especially when an externally–hosted, already–reviewed video is replaced with something else.
Two options that come to mind are automatic upload to the Media Library (via Firefogg) or whitelisting of community–monitored media repositories (e.g., the Internet Archive and Wikimedia Commons). In both cases, WP admins should be able to set the same type of moderation options as are in place for text–based comments.
I think the potential for video comments is huge. Maybe this would be a good GSoC project?
#15
@
13 years ago
What steps are needed to push this forward? Is there consensus that <video> support should become part of the default WP installation?
#16
@
11 years ago
- Keywords needs-refresh removed
- Milestone changed from Future Release to 3.6
- Resolution set to fixed
- Status changed from new to closed
Only gets stripped from Contributors, who don't even have access to media. Admin and Editors can paste the HTML that is produced by the shortcode, and it all remains intact, even the inline <script>
Patch to kses.php to enable HTML5 <video> passthrough