Make WordPress Core

Opened 6 months ago

Last modified 3 weeks ago

#60347 new defect (bug)

wp_kses breaking text fragments links

Reported by: asafm7's profile asafm7 Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Security Keywords:
Focuses: Cc:



It seems that wp_kses() (probably wp_kses_bad_protocol()) is breaking text fragments links (

For example:
<a href="#:~:text=highlight>Link</a>

This issue became more prominent as recently ACF started escaping HTML using the wp_kses() function (

I confirmed the issue with ACF's support.

Change History (2)

#1 @asafm7
6 months ago

I forgot to mention that it only happens to relative links, without a protocol.

Like in the example I provided:

<a href="#:~:text=highlight>Link</a>

#2 @asafm7
3 weeks ago

Hi, is there any way to promote a fix for this issue?

Note: See TracTickets for help on using tickets.