[buddypress-trac] [BuddyPress Trac] #7948: HTML sanitization for user-generated content in notification emails
buddypress-trac
noreply at wordpress.org
Fri Aug 24 14:53:26 UTC 2018
#7948: HTML sanitization for user-generated content in notification emails
--------------------------+----------------------------------
Reporter: boonebgorges | Owner: DJPaul
Type: enhancement | Status: new
Priority: normal | Milestone: Under Consideration
Component: Emails | Version:
Severity: normal | Resolution:
Keywords: 2nd-opinion |
--------------------------+----------------------------------
Changes (by DJPaul):
* owner: (none) => DJPaul
* component: Core => Emails
* milestone: Awaiting Review => Under Consideration
Comment:
> rendering HTML in emails is really hard
> user-provided content
Yes.
> it's worth exploring the introduction of a few pieces of validation into
> BP core itself
Image width is going to be dependent on the template. We could do support
for the template that we ship with, but how then does that PHP adapt to
the custom email template that a theme may add?
We could support a limited set of HTML elements via KSES, if you want to
come up with a sensible list.
As you allude to, this was not done originally, for simplicity and time
reasons.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7948#comment:1>
BuddyPress Trac <http://buddypress.org/>