Opened 5 days ago

Last modified 5 days ago

#53156 accepted enhancement

Add 'main' tag to kses

Reported by: glendaviesnz
Owned by: davidbaumwald
Milestone: 5.8
Priority: normal
Severity: normal
Version:
Component: Formatting
Keywords: has-patch commit
Focuses:
Cc:

Description

Gutenberg recently added the main tag as a wrapper option for the group block for accessibility reasons (https://github.com/WordPress/gutenberg/pull/28576).

This tag is not currently included in $allowedposttags in wp-includes/kses.php, so if this tag is selected by a user without unfiltered_html rights it is stripped from the content on save and the block invalidates when the post/page is reloaded.

To replicate the issue this causes:

  • In a WP env with the Gutenberg plugin installed, add a user with author permissions
  • Log in as that user and add a group block and set the wrapper as main under Advanced settings
  • Save the post and reload

There don't seem to be any security implications with adding this tag to $allowedposttags, and it is probably only missing as it wouldn't have existed when this list was first created.
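
An added example, not code from this ticket, its PR, or WordPress core: one way to allow `main` through kses on an install whose `$allowedposttags` lacks it, using the `wp_kses_allowed_html` filter, with a check that attribute and script filtering still apply. The function names and the sample markup are assumptions made for illustration, and the code assumes it is loaded inside WordPress (for example as a must-use plugin).

```php
<?php
/**
 * Added example (not WordPress core code): allow <main> in the 'post' kses
 * context where $allowedposttags lacks it, then verify the filtered output.
 * Assumes WordPress is loaded, so add_filter() and wp_kses_post() exist.
 */

// Hypothetical callback name. Reuses the attribute allowlist of <section>,
// a sectioning element already present in $allowedposttags, so <main> gains
// no attribute that kses does not already permit on a comparable element.
function example_kses_allow_main( $tags, $context ) {
	if ( 'post' === $context && ! isset( $tags['main'] ) && isset( $tags['section'] ) ) {
		$tags['main'] = $tags['section'];
	}
	return $tags;
}
add_filter( 'wp_kses_allowed_html', 'example_kses_allow_main', 10, 2 );

// Hypothetical self-check. Returns true when the <main> wrapper survives
// wp_kses_post() while an event-handler attribute and a <script> element
// in the same markup are still removed.
function example_kses_main_check() {
	// Constructed sample markup, shaped like a group block saved with a
	// main wrapper, plus two things kses must keep stripping.
	$input  = '<main class="wp-block-group" onclick="x()"><p>Body</p><script>x()</script></main>';
	$output = wp_kses_post( $input );

	return false !== strpos( $output, '<main class="wp-block-group">' )
		&& false === strpos( $output, 'onclick' )
		&& false === strpos( $output, '<script' );
}
```

The filter only affects content saved by users without `unfiltered_html`, since users with that capability are not passed through this kses filtering on save.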

Change History (4)

This ticket was mentioned in PR #1228 on WordPress/wordpress-develop by glendaviesnz.


5 days ago

  • Keywords has-patch added

Gutenberg recently added the main tag as a wrapper option for the group block for accessibility reasons.

This tag is not currently included in $allowedposttags in wp-includes/kses.php, so if this tag is selected by a user without unfiltered_html rights it is stripped from the content on save and the block invalidates when the post/page is reloaded.

To replicate the issue this causes:

  • In a WP env with the Gutenberg plugin installed, add a user with author permissions
  • Log in as that user and add a group block and set the wrapper as main under Advanced settings
  • Save the post and reload

Trac ticket: https://core.trac.wordpress.org/ticket/53156

#2 @sabernhardt
5 days ago

  • Component changed from General to Formatting
  • Version trunk deleted

#3 @SergeyBiryukov
5 days ago

  • Keywords commit added
  • Milestone changed from Awaiting Review to 5.8

#4 @davidbaumwald
5 days ago

  • Owner set to davidbaumwald
  • Status changed from new to accepted