WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 4 years ago

#37272 closed defect (bug) (wontfix)

<acronym> HTML element is now obsolete

Reported by: henry.wright Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: General Keywords:
Focuses: Cc:

Description

The <acronym> HTML element is now obsolete according to the MDN. Should it be removed from the default set of allowed_tags()?

Ref: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/acronym

Attachments (1)

37272.1.diff (5.1 KB) - added by Presskopp 4 years ago.
brute force patch

Download all attachments as: .zip

Change History (4)

@Presskopp
4 years ago

brute force patch

#1 @Presskopp
4 years ago

Just in case it helps somehow

#2 @kraftbj
4 years ago

  • Version 4.5.3 deleted

I disagree on removing it. allowed_html is meant to be a security/safety feature to only allowed html that would not have security implications. While acronym may no longer be in spec, it doesn't harm anyone to leave it in and browsers still support it.

EDIT: As least for KSES, we should leave it in. I'm more apathetic about the other uses.

Last edited 4 years ago by kraftbj (previous) (diff)

#3 @pento
4 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

Thank you for the bug report, @henry.wright!

As @kraftbj mentioned, there are no security implications in allowing acronym, so it wouldn't be removed from KSES. On top of that, themes don't necessarily declare themselves as HTML5, many are still HTML4 or XHTML, so they can still display the acronym tag within spec.

All of the other uses are around plugin and theme headers. Due to the burden of requiring all plugins and themes to update their headers to the abbr tag instead, I don't think this is a feasible change.

Note: See TracTickets for help on using tickets.