[wp-trac] [WordPress Trac] #61052: WP_KSES data attributes: Allow double dash
WordPress Trac
noreply at wordpress.org
Mon Apr 22 19:43:24 UTC 2024
#61052: WP_KSES data attributes: Allow double dash
--------------------------------------+------------------------------
Reporter: cbravobernal | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests | Focuses:
--------------------------------------+------------------------------
Comment (by dmsnell):
I've proposed a patch which is permissive here. Core code may be used to
more restrictions, but all of these are allowed in the browser and appear
after requesting the `dataset` for an element. Is there a good reason to
reject such valid data attributes, even if they are somewhat obscure?
If there's one imaginable objection it would be to prevent storing data
attributes named things like `data-no-<img-"tag"-in-here`. This is because
such code might trip up weaker parsers down the line. However, this would
or should be caught higher up than in `wp_kses_attr_check()` and so I
think it's fine here not having that additional restriction.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/61052#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list