Make WordPress Core

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#53156 closed defect (bug) (fixed)

Add 'main' tag to kses

Reported by: glendaviesnz's profile glendaviesnz Owned by: davidbaumwald's profile davidbaumwald
Milestone: 5.8 Priority: normal
Severity: normal Version:
Component: Formatting Keywords: has-patch has-unit-tests
Focuses: Cc:

Description

Gutenberg recently added the main tag as a wrapper option for the group block for accessibility reasons (https://github.com/WordPress/gutenberg/pull/28576).

This tag is not currently included in $allowedposttags in wp-includes/kses.php, so if this tag is selected by a user without unfiltered_html rights it is stripped from the content on save and the block invalidates when the post/page is reloaded.

To replicate the issue this causes:

  • In an WP env with Gutenberg plugin installed add a user with author permissions
  • Log in as that user and add a group block and set the wrapper as main under Advanced settings
  • Save the post and reload

There don't seem to be any security implications with adding this tag to $allowedposttags, and is probably only missing as it wouldn't have existed when this list was first created.

Change History (13)

This ticket was mentioned in PR #1228 on WordPress/wordpress-develop by glendaviesnz.


4 years ago
#1

  • Keywords has-patch added

Gutenberg recently added the main tag as a wrapper option for the group block for accessibility reasons.

This tag is not currently included in $allowedposttags in wp-includes/kses.php, so if this tag is selected by a user without unfiltered_html rights it is stripped from the content on save and the block invalidates when the post/page is reloaded.

To replicate the issue this causes:

  • In an WP env with Gutenberg plugin installed add a user with author permissions
  • Log in as that user and add a group block and set the wrapper as main under Advanced settings
  • Save the post and reload

Trac ticket: https://core.trac.wordpress.org/ticket/53156

#2 @sabernhardt
4 years ago

  • Component changed from General to Formatting
  • Version trunk deleted

#3 @SergeyBiryukov
4 years ago

  • Keywords commit added
  • Milestone changed from Awaiting Review to 5.8

#4 @davidbaumwald
4 years ago

  • Owner set to davidbaumwald
  • Status changed from new to accepted

#5 follow-up: @jorbin
4 years ago

  • Keywords needs-unit-tests added; commit removed

The patch itself looks fine, but this should have some unit tests to make sure the functionality works as expected now and in the future.

#6 @poena
4 years ago

  • Type changed from enhancement to defect (bug)

#7 in reply to: ↑ 5 @glendaviesnz
4 years ago

Replying to jorbin:

The patch itself looks fine, but this should have some unit tests to make sure the functionality works as expected now and in the future.

I have added a basic unit test to the PR - https://github.com/WordPress/wordpress-develop/pull/1228/commits/ddd994fdac637c5752c6f16a5dfdbd1050cf2cfd - at this stage just checking that the style and class attributes are preserved as these are the critical ones from a gutenberg block perspective, but let me know if you think it is worth testing anything else.

#8 follow-up: @jorbin
4 years ago

Thanks for udating the patch to add tests @glendaviesnz. Also, since no one has welcomed you yet, welcome and thanks for the ticket and initial patch.

I've updated the test to simplify it a bit and am going to commit everything now.

#9 @jorbin
4 years ago

  • Resolution set to fixed
  • Status changed from accepted to closed

In 50987:

Formatting: Add 'main' tag to kses

main is a valid HTML element that is especially valuable for KSES to support in light of full site editing.

Related: https://github.com/WordPress/gutenberg/pull/28576 for the addition of main to the group block.

Fixes #53156.
Props glendaviesnz.

aaronjorbin commented on PR #1228:


4 years ago
#10

Noting that I fixed the phpcs piece locally before commiting in SVN but not here. This was committed in https://core.trac.wordpress.org/changeset/50987

#11 in reply to: ↑ 8 @glendaviesnz
4 years ago

Replying to jorbin:

Also, since no one has welcomed you yet, welcome

Thanks!

I've updated the test to simplify it a bit and am going to commit everything now.

Thanks also for tidying this up, and finalising.

#12 @desrosj
4 years ago

In 51007:

Coding Standards: Apply some minor coding standards adjustments.

Follow up to [50977], [50987], and [50995].

See #41683, #53156, #53175.

This ticket was mentioned in PR #1301 on WordPress/wordpress-develop by peterwilsoncc.


4 years ago
#13

  • Keywords has-unit-tests added; needs-unit-tests removed

This reverts commit 84eee38fcb4114595f1cc6b751868c5649cbc1e6.

# Conflicts:
# src/wp-includes/kses.php

Testing revert to see if PHP 8 stops hanging.
https://core.trac.wordpress.org/ticket/53156

Note: See TracTickets for help on using tickets.