Changes between Initial Version and Version 1 of Ticket #34178, comment 4
- Timestamp:
- 10/06/2015 11:46:58 PM (6 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #34178, comment 4
initial v1 1 `<style>` is one of the HTML tags allowed for a user with the `unfiltered_html` capability. I can imagine cases where site owners use the text widget specifically to insert in line style- however wise/unwise that may be. :)1 `<style>` is one of the HTML tags allowed for a user with the `unfiltered_html` capability. I can imagine cases where site owners use the text widget specifically to insert internal stylesheets - however wise/unwise that may be. :) 2 2 3 3 One method to approach this would be extra sanitization via filter (see `widget_text`) in a plugin. There are likely others as well, including replacing the default text widget provided by WordPress with a more custom one. Adding extra sanitization to remove `<style>` by default is not something that we can do here.