Opened 5 years ago
Last modified 5 years ago
#48873 new defect (bug)
CSS Selectors in style tags containing greater than signs are escaped
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 5.3 |
Component: | Formatting | Keywords: | |
Focuses: | Cc: |
Description
If you have unfiltered html disallowed, and you have in your content a style tag with a >
selector, the selector will be escaped into >
preventing the CSS from working.
I've used the wp_kses_allowed_html
filter to allow style
tags in wp_kses.
I also have this defined to disallow unfiltered html:
define( 'DISALLOW_UNFILTERED_HTML', true );
Sample content:
<style> body > header { background: red; } </style>
Saving this with unfiltered html disallowed would result in:
<style> body > header { background: red; } </style>
Since it's escaped, the CSS stops working.
I don't think there's a way to allow allow >
signs in <style>
tags.
Note: See
TracTickets for help on using
tickets.