Make WordPress Core

Opened 5 years ago

Last modified 5 years ago

#48873 new defect (bug)

CSS Selectors in style tags containing greater than signs are escaped

Reported by: bfintal's profile bfintal Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 5.3
Component: Formatting Keywords:
Focuses: Cc:

Description

If you have unfiltered html disallowed, and you have in your content a style tag with a > selector, the selector will be escaped into > preventing the CSS from working.

I've used the wp_kses_allowed_html filter to allow style tags in wp_kses.
I also have this defined to disallow unfiltered html:

define( 'DISALLOW_UNFILTERED_HTML', true );

Sample content:

<style>
body > header {
    background: red;
}
</style>

Saving this with unfiltered html disallowed would result in:

<style>
body &gt; header {
    background: red;
}
</style>

Since it's escaped, the CSS stops working.

I don't think there's a way to allow allow > signs in <style> tags.

Change History (1)

#1 @SergeyBiryukov
5 years ago

  • Component changed from General to Formatting
Note: See TracTickets for help on using tickets.