Make WordPress Core

Opened 20 months ago

Last modified 18 months ago

#55605 new defect (bug)

kses "selected" for option

Reported by: malthert's profile malthert Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 2.9
Component: Security Keywords: has-patch
Focuses: Cc:

Description

<select>
  <option>A</option>
  <option selected>B</option>
  <option>C</option>
</select>

wp_kses_post should not strip the "selected" from option

Change History (3)

This ticket was mentioned in PR #2654 on WordPress/wordpress-develop by kkmuffme.


19 months ago
#1

  • Keywords has-patch added

Trac ticket: https://core.trac.wordpress.org/ticket/55605

Additionally:

  • update global HTML tag attributes to match attributes in 2022 (e.g. SEO,... with itemprop,...)

*

  • sort modified tag attributes alphabetically (no removals)
  • add all attributes for <img> tag
  • allow picture + source tag to allow loading webp,... with fallback
  • allow select + option tags for dropdowns
  • allow meta and link tag for improved SEO and performance
  • allow autocomplete attribute for form

Attributes are mostly based on https://developer.mozilla.org/en-US/docs/Web/HTML/Element with some containing browser specifics which were introduced in the last years.

The tags were chosen based on a WP installation that contains the most popular WP + WooCommerce plugins, as well as features introduced by browsers (e.g. picture tag)

#2 @costdev
19 months ago

  • Version changed from trunk to 2.9

#3 @malthert
18 months ago

#53098 was marked as a duplicate.

Note: See TracTickets for help on using tickets.