[wp-trac] [WordPress Trac] #62024: wp_kses_post incorrectly escapes "<" attributes values
WordPress Trac
noreply at wordpress.org
Tue Oct 22 13:43:56 UTC 2024
#62024: wp_kses_post incorrectly escapes "<" attributes values
--------------------------+-------------------------------
Reporter: jernstjernst | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Formatting | Version: trunk
Severity: normal | Resolution:
Keywords: | Focuses: coding-standards
--------------------------+-------------------------------
Comment (by jonsurrell):
This is certainly incorrect behavior and the HTML you shared is indeed
fine. The fundamental problem is that kses, as a system, doesn't really
understand HTML.
There are efforts to improve things with the
[https://make.wordpress.org/core/2024/10/17/updates-to-the-html-api-in-6-7/ HTML API],
but it's not entirely ready to replace everything kses does yet.
I'd suggest encoding the attribute value as a workaround; kses shouldn't
have a problem understanding this HTML:
{{{#!php
<?php
wp_kses_post('<button data-glide-dir="&lt;">&lt;</button>');
// returns '<button data-glide-dir=\"&lt;\">&lt;</button>'
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62024#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform