Context Navigation

← Previous Ticket
Next Ticket →

#55605 new defect (bug)

kses "selected" for option

Reported by:	malthert	Owned by:
Milestone:	Awaiting Review	Priority:	normal
Severity:	normal	Version:	2.9
Component:	Security	Keywords:	has-patch
Focuses:		Cc:

Description

<select>
  <option>A</option>
  <option selected>B</option>
  <option>C</option>
</select>

wp_kses_post should not strip the "selected" from option

Change History (3)

This ticket was mentioned in PR #2654 on WordPress/wordpress-develop by kkmuffme.

19 months ago #1

Keywords has-patch added

Trac ticket: https://core.trac.wordpress.org/ticket/55605

Additionally:

update global HTML tag attributes to match attributes in 2022 (e.g. SEO,... with itemprop,...)

sort modified tag attributes alphabetically (no removals)
add all attributes for <img> tag
allow picture + source tag to allow loading webp,... with fallback
allow select + option tags for dropdowns
allow meta and link tag for improved SEO and performance
allow autocomplete attribute for form

Attributes are mostly based on https://developer.mozilla.org/en-US/docs/Web/HTML/Element with some containing browser specifics which were introduced in the last years.

The tags were chosen based on a WP installation that contains the most popular WP + WooCommerce plugins, as well as features introduced by browsers (e.g. picture tag)

#2 @costdev
19 months ago

Version changed from trunk to 2.9

#3 @malthert
18 months ago

#53098 was marked as a duplicate.

Note: See TracTickets for help on using tickets.

Trac UI Preferences

Download in other formats:

Make WordPress Core