[wp-trac] [WordPress Trac] #62361: Set filter "activate_tinymce_for_media_description" to "true" is breaking meadia_descripton by running it through "htmlspecialchars()"
WordPress Trac
noreply at wordpress.org
Thu Nov 14 08:48:37 UTC 2024
#62361: Set filter "activate_tinymce_for_media_description" to "true" is breaking
meadia_descripton by running it through "htmlspecialchars()"
-----------------------------------------+------------------------
 Reporter:  dagobert24                   |       Owner:  joedolson
     Type:  defect (bug)                 |      Status:  accepted
 Priority:  normal                       |   Milestone:  6.8
Component:  Media                        |     Version:  6.6.2
 Severity:  normal                       |  Resolution:
 Keywords:  has-patch 2nd-opinion close  |     Focuses:  ui
-----------------------------------------+------------------------
Comment (by dagobert24):
Replying to [comment:8 azaozz]:
> Replying to [comment:6 dagobert24]:
>
> > I guess running wp_kses_post() makes sense.
>
> Not so sure about that :) KSES, and `wp_kses_post()` are really slow and
> are only intended to sanitize HTML on saving to the database. What would
> be the reason to run KSES on content retrieved from the database? It is
> assumed it was run when that content was saved (which seems to be the case
> here too).

Ok, I understand this part. Then the current fix to the bug should be
correct because the content retrieved from the database is already
sanitized.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62361#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform