Opened 4 years ago
Closed 4 years ago
#46889 closed enhancement (duplicate)
kses allow data: protocol in wp_allowed_protocols
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Formatting | Keywords: | |
Focuses: | Cc: |
Description
It is getting common to use inline base64 encoded images to minimalize request count. It would be great if WordPress' kses would allow to use the data: protocol in src attributes.
Example where the data: protocol get removed:
<?php echo wp_kses_post('<img src="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZlcnNpb249IjEuMCIgd2lkdGg9IjEyMDAiIGhlaWdodD0iNjAwIiA+PC9zdmc+" alt="Slider" />');
Suggested code change:
<?php function wp_allowed_protocols() { static $protocols = array(); if ( empty( $protocols ) ) { $protocols = array( 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn', 'tel', 'fax', 'xmpp', 'webcal', 'urn', 'data'); } if ( ! did_action( 'wp_loaded' ) ) { /** * Filters the list of protocols allowed in HTML attributes. * * @since 3.0.0 * * @param array $protocols Array of allowed protocols e.g. 'http', 'ftp', 'tel', and more. */ $protocols = array_unique( (array) apply_filters( 'kses_allowed_protocols', $protocols ) ); } return $protocols; }
Change History (1)
Note: See
TracTickets for help on using
tickets.
Hi @nextendweb, thanks for the ticket!
We're already tracking this issue in #19354.