Make WordPress Core

Opened 5 weeks ago

Last modified 5 weeks ago

#60347 new defect (bug)

wp_kses breaking text fragments links

Reported by: asafm7's profile asafm7 Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Security Keywords:
Focuses: Cc:



It seems that wp_kses() (probably wp_kses_bad_protocol()) is breaking text fragments links (

For example:
<a href="#:~:text=highlight>Link</a>

This issue became more prominent as recently ACF started escaping HTML using the wp_kses() function (

I confirmed the issue with ACF's support.

Change History (1)

#1 @asafm7
5 weeks ago

I forgot to mention that it only happens to relative links, without a protocol.

Like in the example I provided:

<a href="#:~:text=highlight>Link</a>

Note: See TracTickets for help on using tickets.