#29998 closed defect (bug) (invalid)
kses.php fails to sanitize Outlook HTML content correctly
Reported by: | hmoore71 | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 4.0 |
Component: | Formatting | Keywords: | reporter-feedback |
Focuses: | Cc: |
Description (last modified by )
WordPress 4.0
attempt to post the contents of an email from Outlook with embedded image(s). The post will have artifacts showing of the MS HTML that is tossed into Outlook's email.
If I comment out //add_filter('content_save_pre', 'wp_filter_post_kses');
in kses.php
everything is fine.
If I do the wp_insert_post in admin I suspect kses.php is not loaded as the issue does not occur.
MS HTML has a lot of conditional HTML which is throwing kses.php off.
Change History (7)
#5
@
10 years ago
- Resolution set to invalid
- Status changed from new to closed
Ticket was vague/abandoned.
#7
@
10 years ago
the issue arose developing a email processing plugin where HTML emails were being posted outside of admin and kses was leaving artifacts in its attempt to clean the post.
I've since abandoned the plugin development but still believe that kses has some issue with html email content.
kses is about filtering for security purposes, not for cleaning it up. If you use something like the "Paste from Word" TinyMCE button, you should be in much better shape.
Also, editors and administrators have the ability to post HTML unfiltered. If commenting out this line helps you (note: major security concerns!) then it means that unfiltered HTML is fine.
If we're actually breaking the HTML somehow, could you screenshot/upload/post an example?