[wp-trac] [WordPress Trac] #49464: wp_kses_hair and wp_kses_hair_parse regex is not allowing digits in attribute names
WordPress Trac
noreply at wordpress.org
Tue Feb 18 12:05:00 UTC 2020
#49464: wp_kses_hair and wp_kses_hair_parse regex is not allowing digits in
attribute names
----------------------------------------+---------------------
Reporter: codeforest | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 5.5
Component: Formatting | Version: 5.3.2
Severity: major | Resolution:
Keywords: has-patch needs-unit-tests | Focuses:
----------------------------------------+---------------------
Comment (by zodiac1978):
This would fix a bug I was examining exactly at the same time.
`wp_kses_post` is stripping out "data-" attributes if they are containg
underscores, like `data-test_test`.
$test1 = wp_kses_post('<a href="http://google.de">Google</a>');
$test2 = wp_kses_post('<a data-test="xxx"
href="http://google.de">Google</a>');
$test3 = wp_kses_post('<a data-test_test="yyy"
href="http://google.de">Google</a>');
1 and 2 would be fine, but for 3 the attribute gets stripped out.
The RegEx from the patch would solve this:
Before patch:
https://regex101.com/r/bAeYTE/1
After patch:
https://regex101.com/r/Hbnfmo/1
--
Ticket URL: <https://core.trac.wordpress.org/ticket/49464#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list