[buddypress-trac] [BuddyPress Trac] #7795: BP Nouveau: restrict Messages UI editor buttons and allowed tags.
buddypress-trac
noreply at wordpress.org
Thu May 3 09:05:08 UTC 2018
#7795: BP Nouveau: restrict Messages UI editor buttons and allowed tags.
--------------------------+-----------------------------------
Reporter: imath | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.0
Component: Templates | Version:
Severity: normal | Keywords: has-patch 2nd-opinion
--------------------------+-----------------------------------
Today the Messages UI editor loads default buttons, and allows the same
tags than WordPress Posts. I think we should restrict this a little more.
NB: conparing to the {{{src/bp-messages/bp-messages-filters.php}}} where
{{{wp_filter_kses}}} is used, i suggest something more permissive (eg:
img) to justify the use of the editor.
I think as it's specific to BP Nouveau, we shouldn't edit {{{src/bp-
messages/bp-messages-filters.php}}} to avoid possible impacts on BP Legacy
so close to release though.
See attached patch, I'm basically allowing the same html tags than
Activity content
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7795>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list