Opened 11 years ago
Closed 11 years ago
#30484 closed defect (bug) (worksforme)
tinyMce is stripping out data attributes
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | 4.1 |
| Component: | TinyMCE | Keywords: | |
| Focuses: | Cc: |
Description
Data attributes are a valid part of the HTML5 spec, and shouldn't be stripped out even for users without the "unfiltered_html" capability, so I’m not sure why they aren't included in wp-tinymce-schema.js. Is there something about adding a rule like "@[data-*]" that poses a security risk?
Change History (1)
Note: See
TracTickets for help on using
tickets.
I'm assuming this is for WordPress 3.8 or older. TinyMCE does not strip
data-*attributes in WordPress 3.9+.