[wp-trac] [WordPress Trac] #43215: Allow wp_kses to pass allowed CSS properties

WordPress Trac noreply at wordpress.org
Sun Mar 31 06:29:29 UTC 2024


#43215: Allow wp_kses to pass allowed CSS properties
-----------------------------+------------------------------
 Reporter:  mclaurent        |       Owner:  (none)
     Type:  feature request  |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Security         |     Version:  4.9.2
 Severity:  normal           |  Resolution:
 Keywords:                   |     Focuses:
-----------------------------+------------------------------

Comment (by vizvizka):

 Hello Mclaurent,

 It's a little late, but maybe you can try the code below.

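 /**
  * Sanitize HTML with wp_kses() while letting the caller name the CSS
  * properties that may appear inside style="" attributes.
  *
  * wp_kses() reads every top-level key of $allowed_html as an element name,
  * so a 'style' => array('display', ...) entry handed to it as-is allows the
  * <style> element instead of describing CSS. This wrapper takes that entry
  * out of the element list and applies it through the 'safe_style_css'
  * filter, which safecss_filter_attr() consults, for this call only.
  *
  * Consequences for callers:
  *  - an element keeps its style attribute only if it lists
  *    'style' => array() among its own attributes;
  *  - the <style> element cannot be allowed through this wrapper.
  *
  * @param string $data              Untrusted HTML to filter.
  * @param array  $allowed_html      Element => attributes map for wp_kses(),
  *                                  plus an optional top-level 'style' list
  *                                  of CSS property names.
  * @param array  $allowed_protocols URL schemes, passed to wp_kses() unchanged.
  * @return string Filtered HTML.
  */
 function custom_wp_kses($data, $allowed_html = array(), $allowed_protocols = array()) {
     $allowed_style = array();

     if (isset($allowed_html['style']) && is_array($allowed_html['style'])) {
         // Keep only string entries; the filter carries property names.
         $allowed_style = array_values(
             array_filter($allowed_html['style'], 'is_string')
         );
         unset($allowed_html['style']);
     }

     if (empty($allowed_style)) {
         // Nothing requested: leave the default CSS property list untouched.
         return wp_kses($data, $allowed_html, $allowed_protocols);
     }

     // Exact allowlist: the defaults are replaced, not extended, so only the
     // requested properties survive. Callbacks hooked at a later priority can
     // still alter the list -- NOTE(review): confirm none are registered.
     $restrict_css = function ($default_styles) use ($allowed_style) {
         return $allowed_style;
     };

     add_filter('safe_style_css', $restrict_css);
     try {
         return wp_kses($data, $allowed_html, $allowed_protocols);
     } finally {
         // Always unhook, so later wp_kses() calls see the normal list again.
         remove_filter('safe_style_css', $restrict_css);
     }
 }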

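 // Element => attribute allowlist for the Google Tag Manager <noscript>
 // fallback. It lists only what that snippet contains. <script> is left out
 // on purpose: an entry for it would let inline scripts through the filter.
 $allowed_output_html = array(
     'noscript' => array(),
     'iframe' => array(
         'src' => array(),
         'width' => array(),
         'height' => array(),
         // Without this entry wp_kses() strips the iframe's style attribute.
         'style' => array(),
     ),
     // CSS property names, read by custom_wp_kses(). wp_kses() itself treats
     // every top-level key as an element name.
     'style' => array('display', 'visibility'),
 );

 // Only the scheme the snippet uses. 'javascript' stays off this list: it
 // would let javascript: URLs through in URL-carrying attributes.
 $allowed_output_protocol = array(
     'https',
 );

 $google_tag_manager_noscript = '<noscript><iframe'
     . ' src="https://www.googletagmanager.com/ns.html?id=123"'
     . ' height="0" width="0"'
     . ' style="display:none;visibility:hidden"></iframe></noscript>';

 echo custom_wp_kses(
     $google_tag_manager_noscript,
     $allowed_output_html,
     $allowed_output_protocol
 );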

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/43215#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

