[wp-trac] [WordPress Trac] #63786: KSES: Add new allowed HTML tags

WordPress Trac noreply at wordpress.org
Thu Aug 14 04:00:45 UTC 2025 

#63786: KSES: Add new allowed HTML tags
-------------------------------------+---------------------
 Reporter:  ramiy                    |       Owner:  (none)
     Type:  enhancement              |      Status:  new
 Priority:  normal                   |   Milestone:  6.9
Component:  General                  |     Version:
 Severity:  normal                   |  Resolution:
 Keywords:  has-patch needs-testing  |     Focuses:
-------------------------------------+---------------------

Comment (by rollybueno):

 == Test Report
 === Description
 This report validates whether the indicated patch works as expected.

 Patch tested: https://github.com/WordPress/wordpress-develop/pull/9379

 === Environment
 - WordPress: 6.9-alpha-60093-src
 - PHP: 8.2.29
 - Server: nginx/1.29.0
 - Database: mysqli (Server: 8.4.6 / Client: mysqlnd 8.2.29)
 - Browser: Chrome 139.0.0.0
 - OS: Linux
 - Theme: Twenty Fifteen 4.0
 - MU Plugins: None activated
 - Plugins:
   * Test Reports 1.2.0

 === Actual Results
 1. ✅ Issue resolved with patch.
    Using the following PHP test code:
    {{{
    $new_tags = [
        '<data value="123">Data content</data>',
        '<datalist id="browsers"><option value="Chrome"><option
 value="Firefox"></datalist>',
        '<dialog open>Dialog content</dialog>',
        '<picture><source srcset="image.webp" type="image/webp"><img
 src="image.jpg" alt="Sample"></picture>',
        '<progress value="70" max="100">70%</progress>',
        '<search><form><input type="search" name="q"></form></search>',
        '<time datetime="2025-08-14">August 14, 2025</time>'
    ];
    $test_html = implode("\n", $new_tags);
    $sanitized = wp_kses_post( $test_html );
    echo $sanitized;
    }}}

 Before applying the patch, most tags were stripped from the output.
 After applying the patch, all 7 tags (`<data>`, `<datalist>`, `<dialog>`,
 `<picture>`, `<progress>`, `<search>`, `<time>`) were preserved.

 === Additional Notes
 - ❗❗ I'm using `htmlentities()` so that I can show the visual difference
 on the sreenshot, but the idea is same and has no difference without
 `htmlentities()`.
 - Patch behaves as expected and aligns with intended changes to extend
 allowed HTML tags.
 - Tested both before and after patch application to confirm the
 difference.

 === Supplemental Artifacts
 **Trunk**:
 [[Image(https://i.imgur.com/A5yVDvw.png)]]
 **With Patch**:
 [[Image(https://i.imgur.com/ykBViOP.png)]]

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/63786#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list