Make WordPress Core

Opened 3 months ago

Last modified 2 days ago

#48608 new defect (bug)

SVG tags with numbers in attributes filtered out by KSES despite being allowed

Reported by: johnpgreen Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Formatting Keywords:
Focuses: Cc:


I have been able to successfully extend $allowedposttags using the wp_kses_allowed_html filter to allow a limited set of SVG tags but have encountered issues when attempting to use the <linearGradient> SVG element. This element is unique among the elements I have added in that it has attributes - specifically x1, x2, y1, and y2 - that contain numbers.

I believe I have narrowed down the culprit to the wp_kses_hair function, specifically that case 0 seems to only allow alpha characters.

Change History (3)

#1 @SergeyBiryukov
3 months ago

  • Component changed from General to Formatting

#2 @johnpgreen
7 weeks ago

FYI - this issue also effects the <line> SVG element.

#3 @ayeshrajans
2 days ago

Related: #49464.

Note: See TracTickets for help on using tickets.