Changes between Initial Version and Version 1 of Ticket #33121, comment 15
Timestamp: 10/11/2018 01:56:34 PM (7 years ago)
Ticket #33121, comment 15
initial 7 / v1 7 (unmodified):
The only exception to the above are attributes with variable names, and the only HTML 5.0 attribute with a variable name is `data-*`. Thinking we should extend KSES to allow data attributes, but hardcode the `data-` part. This is inline with the existing logic in KSES.

initial 8 / v1 8 (unmodified): blank line

initial 9 (modified, old text):
Uh, sorry for the longer comment :) The TL;DR: don't think allowing wildcard attributes in KSES is a good thing. It brings us in a pretty dangerous place and at the same time reduces some of the existing functionality, i.e.sanitizing attribute values.

v1 9 (modified, new text):
Uh, sorry for the longer comment :) The TL;DR: don't think allowing wildcard attributes in KSES is a good thing. It brings us to a pretty dangerous place and at the same time reduces some of the existing functionality: sanitizing attribute values.