WordPress.org

Make WordPress Core

Opened 2 months ago

Last modified 2 months ago

#47283 new enhancement

Strip inline JS and CSS while trying to figure out the pingback context

Reported by: david.binda Owned by:
Milestone: 5.3 Priority: normal
Severity: normal Version:
Component: Pings/Trackbacks Keywords: has-patch needs-unit-tests
Focuses: Cc:

Description

When testing the pingbacks on PHP 7.3, we run into a backward compatibility issue with strip_tags ( see https://bugs.php.net/bug.php?id=78003 ) which made me look into the implementation of the context lookup for the pingback link.

When using the strip_tags with whitelisted <a> element ( see https://core.trac.wordpress.org/browser/trunk/src/wp-includes/class-wp-xmlrpc-server.php?rev=45310#L6805 ), we are still getting a lot of inline CSS and JS in the output which needs to be checked. I believe that it would make the implementation more reliable (and it would have actually prevented the PHP bug mentioned above from breaking the stuff) if the inline CSS and JS content would be removed.

Attachments (1)

47283.diff (646 bytes) - added by david.binda 2 months ago.

Download all attachments as: .zip

Change History (2)

@david.binda
2 months ago

#1 @SergeyBiryukov
2 months ago

  • Keywords has-patch needs-unit-tests added
  • Milestone changed from Awaiting Review to 5.3
Note: See TracTickets for help on using tickets.