[wp-testers] Bug in kses

Dougal Campbell dougal at gunters.org
Tue Mar 2 13:16:14 UTC 2010


I haven't seen any activity on my ticket in a couple of days, so I 
thought I'd bring it up here, so one of the committers can take a look 
and hopefully go ahead and get the patch into trunk:

kses removes valid attribute from xhtml elements
   http://core.trac.wordpress.org/ticket/12394

Quick synopsis -- if a user without the 'unfiltered_html' capability 
enters XHTML compliant content, kses can incorrectly strip attributes 
from empty tags, most commonly 'img' tags.

For example:

   Input: <img width='300' height='240' src='myimage.jpg'/>
   Output: <img width='300' height='240' />

Note: there is no space between the end of the 'src' attribute and the 
'/>' element-close. Though common convention is to include a space there 
to maintain backwards compatibility with HTML4 parsers, it is perfectly 
valid XHTML. And it will be pretty common when transforming XML data 
into XHTML, which is how I ran into this bug.

I've supplied a patch for trunk and a unit-test on the ticket.

-- 
Dougal Campbell <dougal at gunters.org>
http://dougal.gunters.org/
http://twitter.com/dougal
http://twitual.com/
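
Added example, not part of the original message and not kses code: a small Python allowlist filter for opening and empty tags whose attribute parsing gives the same result whether or not whitespace precedes the '/>' close, which is the property the report says kses violates. The allowlist, the function names and the extra sample input are constructed for illustration. Only quoted attribute values are handled, as XHTML requires, and attribute values are not checked.

```python
import re

# Constructed allowlist for this example (not WordPress's allowed-HTML table).
ALLOWED = {"img": {"src", "width", "height", "alt"}}

# An opening or empty tag; '>' inside a quoted value does not end the tag.
TAG_RE = re.compile(r"""<([A-Za-z][A-Za-z0-9]*)((?:[^>'"]|'[^']*'|"[^"]*")*)>""")
# One name='value' or name="value" pair (XHTML requires quoted values).
ATTR_RE = re.compile(r"""\s*([A-Za-z_:][\w:.-]*)\s*=\s*(['"])(.*?)\2""")
# The empty-element slash: the last non-space character before '>'.
CLOSE_RE = re.compile(r"\s*/\s*$")


def filter_tag(match):
    name, body = match.group(1).lower(), match.group(2)
    if name not in ALLOWED:
        return ""  # tag not on the allowlist: drop it
    # Remove the empty-element slash BEFORE parsing attributes, so that
    # "src='x'/" and "src='x' /" leave the same attribute text behind.
    close = CLOSE_RE.search(body)
    if close:
        body = body[:close.start()]
    kept, pos = [], 0
    while pos < len(body):
        m = ATTR_RE.match(body, pos)
        if not m:
            break  # anything that is not name=quoted-value is dropped
        attr, quote, value = m.group(1).lower(), m.group(2), m.group(3)
        if attr in ALLOWED[name]:
            # Value checks (e.g. URL schemes) are out of scope here.
            kept.append(f"{attr}={quote}{value}{quote}")
        pos = m.end()
    return "<" + " ".join([name] + kept) + (" />" if close else ">")


def filter_html(text):
    return TAG_RE.sub(filter_tag, text)


if __name__ == "__main__":
    # The input from the report, then the same tag with the conventional space.
    for sample in ("<img width='300' height='240' src='myimage.jpg'/>",
                   "<img width='300' height='240' src='myimage.jpg' />"):
        print(filter_html(sample))
```
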