Make WordPress Core

Opened 19 months ago

#58377 new defect (bug)

wp_kses filters custom block name with consecutive hyphens

Reported by: munezero999
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version: 6.1.1
Component: Formatting
Keywords:
Focuses:
Cc:

Description

I worked on a WordPress multisite where administrators cannot edit custom blocks containing consecutive hyphens; only super administrators can. This problem occurs after an administrator registers a page containing custom blocks.

I found that the reason was that WordPress filters HTML content (wp_kses) created by an administrator for security reasons. It prevents the use of multiple dashes in a custom block name. Ex: "custom-blocks/contact-form---input" is renamed "custom-blocks/contact-form-input".

In my company, we use dashes ("---") in block names to specify the relation between parent and children blocks. This is really helpful for us. Hence my question: would it be possible to allow multiple dashes in the names of blocks?

Alternative solution

For the moment, we gave the administrators the capability "unfiltered_html". So they can edit the different blocks.

Expected behavior

Allow multiple dashes in block names. Ex: "custom-blocks/contact-form---input"

Step-by-step reproduction instructions

  • Create a custom block with a block name that includes consecutive hyphens. (e.g. custom-blocks/contact-form---input)
  • Insert this block and save the post.
  • Reload the edit screen.
  • The block is no longer editable. "Your site doesn't include support for the xxx"
  • In this case, the block name displayed in the core/missing block is abbreviated to a single hyphen. (e.g. custom-blocks/contact-form---input)

The bug is reproducible on any site not necessarily multisite. In this case, you need to compare between an administrator and an author.

https://user-images.githubusercontent.com/48805054/225573533-f8889624-a7a7-4e1d-a7d2-0f1ae28abc5c.jpg
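
Added example, not part of the ticket and not WordPress core code: a standalone PHP sketch that models the renaming reported above, assuming the filter collapses runs of hyphens inside the `<!-- wp:... -->` comment that delimits a block in post content. All function names are hypothetical and the block names other than the ticket's are constructed; it reports which names would not survive a save by a user without `unfiltered_html`.

```php
<?php
// Added illustration; function names are hypothetical, not WordPress APIs.

/**
 * Model of the filtering described in the ticket (assumption): inside an
 * HTML comment, runs of hyphens collapse to one and a trailing hyphen is dropped.
 */
function model_filter_comment_body( string $body ): string {
    $body = preg_replace( '/--+/', '-', $body );
    return preg_replace( '/-$/', '', $body );
}

/** Serialize a self-closing block delimiter as stored in post_content. */
function block_delimiter( string $name ): string {
    return "<!-- wp:{$name} /-->";
}

/** Return the block name as it reads after the modelled filter. */
function name_after_filter( string $name ): string {
    // Strip the leading "<!--" and trailing "-->" before filtering the body.
    $body     = substr( block_delimiter( $name ), 4, -3 );
    $filtered = '<!--' . model_filter_comment_body( $body ) . '-->';
    preg_match( '#<!-- wp:([a-z0-9/-]+)#', $filtered, $m );
    return $m[1] ?? '';
}

/** Map each name that changes under the filter to its stored form. */
function find_unstable_block_names( array $names ): array {
    $unstable = array();
    foreach ( $names as $name ) {
        $after = name_after_filter( $name );
        if ( $after !== $name ) {
            $unstable[ $name ] = $after;
        }
    }
    return $unstable;
}

// Constructed sample list; the first name is the one from the ticket.
$registered = array(
    'custom-blocks/contact-form---input',
    'custom-blocks/contact-form',
    'custom-blocks/hero--dark',
);

foreach ( find_unstable_block_names( $registered ) as $before => $after ) {
    echo "{$before} is stored as {$after}\n";
}
```

Inside a WordPress install, the list of names could be taken from `array_keys( WP_Block_Type_Registry::get_instance()->get_all_registered() )` instead of the constructed array.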
