[wp-trac] [WordPress Trac] #62619: Remove `wp_kses_post()` filtering from admin notices

Thu Feb 27 22:48:08 UTC 2025

#62619: Remove `wp_kses_post()` filtering from admin notices
----------------------------+---------------------
 Reporter:  azaozz          |       Owner:  (none)
     Type:  defect (bug)    |      Status:  new
 Priority:  normal          |   Milestone:  6.8
Component:  Administration  |     Version:  6.4
 Severity:  normal          |  Resolution:
 Keywords:  has-patch       |     Focuses:
----------------------------+---------------------

Comment (by azaozz):

 Replying to [comment:11 joedolson]:
 > As I recall from discussion (and I can't find the discussion, so I can't
 be more detailed than that), the external error message case was the
 primary reason...

 Sure, but was it the best solution to filter the HTML of countless hard-
 coded messages instead of escape (or filter if that was acceptable) the
 HTML only there?

 Frankly the use of `wp_kses_post()` there does nothing. It is just some
 overhead that slows down WP a little bit. True, maybe that overhead is not
 big, but still some pointless code is run every time. This goes directly
 against the efforts of the performance team, and also changes the
 established way to show admin notices from before that function was
 introduced. You can see how many regressions were reported when it was
 committed, and how many individual edge case fixes had to be made.

 I've been wondering: why is it that hard to see that a not-so-good
 decision was made at the time and just improve it? I really regret not
 being able to review this in time, but the code is not "set in stone"
 right? Anything and everything can be improved :)

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/62619#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform