WordPress.org

Make WordPress Core

Opened 2 years ago

Closed 3 months ago

#40744 closed defect (bug) (wontfix)

Inline style shortcode for background-image issue

Reported by: markusfroehlich Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.7.4
Component: Editor Keywords:
Focuses: Cc:
PR Number:

Description

Shortcodes in astyle attribute for example:

<div style="background-image: url("[my-shortcode id="1"]");"></div>

are not working, because in the function "safecss_filter_attr()" (w-includes/kses.php) (Line: 1688), the regex filters the "(" and return an empty string.

Change History (3)

#1 @bdbch
2 years ago

  • Component changed from General to Editor

@markusfroehlich are you trying to add this in the WP Wysiwyg Editor?

I tried to but for me, the shortcode wasn't processed in any html attribute except src

#2 @azaozz
2 years ago

  • Keywords close added

Mixing shortcodes and HTML tags is a really bad practice. It's slow, hard to process, and prone to errors and numerous edge cases.

This particular case isn't working because of a security restriction. The fix is to not use shortcode inside HTML attribute. If it has to be a shortcode, how about [my-background-image-shortcode-thing id="1"] instead of the <div>?

#3 @pento
3 months ago

  • Keywords close removed
  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

Due to the reasons mentioned above, this is not something we can safely fix. As such, I'm going to close this ticket.

Note: See TracTickets for help on using tickets.