Opened 8 years ago
Closed 8 years ago
#37272 closed defect (bug) (wontfix)
<acronym> HTML element is now obsolete
Reported by: | henry.wright | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | General | Keywords: | |
Focuses: | Cc: |
Description
The <acronym>
HTML element is now obsolete according to the MDN. Should it be removed from the default set of allowed_tags()
?
Ref: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/acronym
Attachments (1)
Change History (4)
#2
@
8 years ago
- Version 4.5.3 deleted
I disagree on removing it. allowed_html
is meant to be a security/safety feature to only allowed html that would not have security implications. While acronym
may no longer be in spec, it doesn't harm anyone to leave it in and browsers still support it.
EDIT: As least for KSES, we should leave it in. I'm more apathetic about the other uses.
#3
@
8 years ago
- Milestone Awaiting Review deleted
- Resolution set to wontfix
- Status changed from new to closed
Thank you for the bug report, @henry.wright!
As @kraftbj mentioned, there are no security implications in allowing acronym
, so it wouldn't be removed from KSES. On top of that, themes don't necessarily declare themselves as HTML5, many are still HTML4 or XHTML, so they can still display the acronym
tag within spec.
All of the other uses are around plugin and theme headers. Due to the burden of requiring all plugins and themes to update their headers to the abbr
tag instead, I don't think this is a feasible change.
brute force patch