Inline style shortcode for background-image issue #2

[markusfroehlich]

Shortcodes in a style attribute for example:

<div style="background-image: url([my-shortcode id='1']);"></div>

are not working, because in the function "safecss_filter_attr()" (w-includes/kses.php) (Line: 1688), the regex filters the "(" and return an empty string. I know that this a security restriction is. But it is it possible to filter the regex pattern with a WordPress filter?

My problem is, that i am writing on an Template WordPress Plugin for Custom Post Types. The Plugin can use the Muffin Builder (Betheme) or Visual Composer. Now when the users (or employees) want to place a shortcode in the Background Image Field, the shortcode will be ignored because of the safecss_filter_attr() function. Please give me a help and let me filter the regex pattern.

Thank you very much Markus

[azaozz]

But is it possible to filter the regex pattern with a WordPress filter?

You mean, so plugins can remove it or make it insecure when they want to? Don't think this is a good idea :)

As I replied to your other ticket, #40744, using shortcodes in HTML attributes is bad idea and is officially not supported. I know that it kind of works, which is unfortunate. However it is considered a bad practice. Look at the example in the ticket above: using a shortcode makes the URL invalid.

I'm actually thinking we should add a filter/scan for similar shortcodes usage in the plugin directory and flag plugins that do it. Then perhaps show a warning on the plugins page that the plugin doesn't follow "best practices".