WordPress.org

Make WordPress Core

Opened 5 years ago

Closed 5 years ago

#29826 closed defect (bug) (fixed)

subtitles added to media are stripped for anyone without unfiltered_html capability

Reported by: jwenerd Owned by: wonderboymusic
Milestone: 4.1 Priority: normal
Severity: normal Version: 4.0
Component: Media Keywords: commit
Focuses: Cc:

Description

If you are an author (or an editor or administrator on multisite) you are able to insert a video, add a subtitle track which inserts the track element within the video shortcode. Then when saving the post the track is removed due to it not being in the list of allowed post tags.

Attachments (2)

29826.patch (404 bytes) - added by jwenerd 5 years ago.
Patch that adds track and permissible attributes to allowed tags
29826.diff (1.2 KB) - added by wonderboymusic 5 years ago.

Download all attachments as: .zip

Change History (8)

@jwenerd
5 years ago

Patch that adds track and permissible attributes to allowed tags

#1 @SergeyBiryukov
5 years ago

  • Component changed from General to Media
  • Milestone changed from Awaiting Review to 4.1

#2 follow-up: @wonderboymusic
5 years ago

  • Keywords dev-feedback added

should we allow <audio> and <video> in the list as well? <track> is a sub-element of them, so probably? someone with knowledge of this KSES file weigh in?

#3 @DrewAPicture
5 years ago

  • Summary changed from subtitles added to media are striped for anyone without unfiltered_html capability to subtitles added to media are stripped for anyone without unfiltered_html capability

@wonderboymusic
5 years ago

#4 in reply to: ↑ 2 @westi
5 years ago

Replying to wonderboymusic:

should we allow <audio> and <video> in the list as well? <track> is a sub-element of them, so probably? someone with knowledge of this KSES file weigh in?

That makes sense to me, we need to try and keep the file consistent by adding support for tags in there groupings rather than individual tags alone.

#5 @westi
5 years ago

  • Keywords commit added; dev-feedback removed

@wonderboymusic the patch looks good (although a little bit of me dies when I see autoplay=true ;))

#6 @wonderboymusic
5 years ago

  • Owner set to wonderboymusic
  • Resolution set to fixed
  • Status changed from new to closed

In 30064:

Add audio, video, and track to $allowedposttags (KSES).

Props jwenerd, wonderboymusic.
Fixes #29826.

Note: See TracTickets for help on using tickets.