[wp-testers] Bug in kses
Dougal Campbell
dougal at gunters.org
Tue Mar 2 13:16:14 UTC 2010
I haven't seen any activity on my ticket in a couple of days, so I
thought I'd bring it up here, so one of the committers can take a look
and hopefully go ahead and get the patch into trunk:

kses removes valid attribute from xhtml elements
http://core.trac.wordpress.org/ticket/12394

Quick synopsis -- if a user without the 'unfiltered_html' capability
enters XHTML compliant content, kses can incorrectly strip attributes
from empty tags, most commonly 'img' tags.

For example:

Input: <img width='300' height='240' src='myimage.jpg'/>
Output: <img width='300' height='240' />

Note: there is no space between the end of the 'src' attribute and the
'/>' element-close. Though common convention is to include a space there
to maintain backwards compatibility with HTML4 parsers, it is perfectly
valid XHTML. And it will be pretty common when transforming XML data
into XHTML, which is how I ran into this bug.

I've supplied a patch for trunk and a unit-test on the ticket.

--
Dougal Campbell <dougal at gunters.org>
http://dougal.gunters.org/
http://twitter.com/dougal
http://twitual.com/
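
The edge case reported above, as an added example that is not part of the original post and is not WordPress's kses code or the patch on the ticket: a simplified allowlist attribute filter that separates the optional self-closing `/` from the attribute text before parsing, so the last attribute survives with or without a preceding space. The function name, the allowlist and the third sample tag are assumptions made for illustration.

```php
<?php
// Added illustration; not WordPress's kses code. All names are hypothetical.

/** Rebuild one tag, keeping only attributes on the allowlist for that element. */
function example_filter_tag(string $tag, array $allowed): string
{
    // Peel off the optional XHTML self-close slash before looking at the
    // attributes, so "src='x'/>" and "src='x' />" leave the same attribute text.
    if (!preg_match('%^<([a-zA-Z][a-zA-Z0-9]*)(.*?)\s*(/?)>$%s', $tag, $m)) {
        return '';                      // not a single well-formed tag: drop it
    }
    [, $name, $attrText, $slash] = $m;
    $name  = strtolower($name);
    $close = $slash === '/' ? ' />' : '>';

    // name=value pairs, anchored with \G so nothing can hide between matches.
    // Valueless attributes are not supported here and count as malformed.
    $pair = '%\G\s+([a-zA-Z][a-zA-Z0-9:-]*)\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|([^\s"\'=<>`]+))%';
    preg_match_all($pair, $attrText, $pairs, PREG_SET_ORDER);

    $consumed = 0;
    $kept = '';
    foreach ($pairs as $p) {
        $consumed += strlen($p[0]);
        $attr  = strtolower($p[1]);
        $value = $p[4] ?? $p[3] ?? $p[2];   // unquoted, single- or double-quoted
        if (in_array($attr, $allowed[$name] ?? [], true)) {
            $kept .= sprintf(' %s="%s"', $attr, htmlspecialchars($value, ENT_QUOTES, 'UTF-8', false));
        }
    }
    // Fail closed: if any attribute text was not understood, emit no attributes.
    if ($consumed !== strlen($attrText)) {
        $kept = '';
    }
    return isset($allowed[$name]) ? "<{$name}{$kept}{$close}" : '';
}

$allowed = ['img' => ['src', 'width', 'height', 'alt']];   // constructed allowlist
$samples = [
    "<img width='300' height='240' src='myimage.jpg'/>",   // input from the report
    "<img width='300' height='240' src='myimage.jpg' />",  // same tag, conventional space
    "<img src='myimage.jpg' onclick='x'/>",                // constructed: attribute not on the list
];
foreach ($samples as $s) {
    echo $s, "\n  => ", example_filter_tag($s, $allowed), "\n";
}
```

The filter only decides which attributes are kept; it does not validate attribute values such as URL schemes.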