1 | | Looking at 33121.3.diff, don't think it is a good idea to allow adding attributes with a wildcard. That would mean --somebody-- can add `on-*` or even `o-*` and allow all `onerror`, `onclick`, `onmouseover`, etc. attributes. |
| 1 | Looking at 33121.3.diff, don't think it is a good idea to allow adding attributes with a wildcard. (Note that `_wp_add_global_attributes()` is just a convenience function to add some attribute names to all tags. There is no way to check how an attribute name was added. So plugins will also be able to add the `data-*` attribute name which is the expected behavior.) |
| 2 | |
| 3 | That would mean --somebody-- can add `on-*` or even `o-*` and allow all `onerror`, `onclick`, `onmouseover`, etc. attributes. |