[wp-trac] [WordPress Trac] #43215: Allow wp_kses to pass allowed CSS properties
WordPress Trac
noreply at wordpress.org
Thu Jan 16 07:14:14 UTC 2025
#43215: Allow wp_kses to pass allowed CSS properties
-----------------------------+------------------------------
 Reporter:  mclaurent        |       Owner:  (none)
     Type:  feature request  |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Security         |     Version:  4.9.2
 Severity:  normal           |  Resolution:
 Keywords:                   |     Focuses:
-----------------------------+------------------------------
Comment (by davidtheplumber):
Escape and re-add styles after the wp_kses call using placeholder tokens:
{{{
// Markup as supplied, with the inline style that wp_kses would strip
$google_tag_manager_noscript = <<<ENDSTRING
<noscript><iframe src="https://www.googletagmanager.com/ns.html?id=123"
height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
ENDSTRING;

// Replace style with a placeholder
$google_tag_manager_noscript = str_replace(
    'style="display:none;visibility:hidden"',
    'style="###STYLE###"',
    $google_tag_manager_noscript
);

// $allowed_output_html and $allowed_output_protocol are defined by the caller
$output = wp_kses(
    $google_tag_manager_noscript,
    $allowed_output_html,
    $allowed_output_protocol
);

// Restore the escaped styles
$output = str_replace( '###STYLE###', 'display:none;visibility:hidden', $output );

echo $output;
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43215#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
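
An alternative to the placeholder workaround above, as an added example that is not part of the ticket or of WordPress core: the existing `safe_style_css` filter extends the CSS property allow list, and attaching it only around one `wp_kses()` call keeps the wider list from applying site-wide. The helper name `example_kses_with_css` and the allow list shown are hypothetical, and the code assumes a loaded WordPress environment.

```php
<?php
/**
 * Hypothetical helper (not a WordPress function): run wp_kses() with extra
 * CSS properties allowed in style="" for the duration of this one call.
 *
 * @param string   $html         Markup to sanitize.
 * @param array    $allowed_html Allowed tags and attributes, as for wp_kses().
 * @param string[] $extra_css    CSS property names to allow in addition.
 * @return string Sanitized markup.
 */
function example_kses_with_css( $html, array $allowed_html, array $extra_css ) {
    // Keep a reference to the closure so the same callback can be removed.
    $allow = static function ( $properties ) use ( $extra_css ) {
        return array_unique( array_merge( $properties, $extra_css ) );
    };

    add_filter( 'safe_style_css', $allow );
    try {
        // The style value is still parsed property by property; only the
        // names listed in $extra_css are added to the allow list.
        return wp_kses( $html, $allowed_html );
    } finally {
        // Always restore the default list, even if sanitizing throws.
        remove_filter( 'safe_style_css', $allow );
    }
}

// Constructed allow list covering only what the snippet needs.
$allowed_html = array(
    'noscript' => array(),
    'iframe'   => array(
        'src'    => true,
        'height' => true,
        'width'  => true,
        'style'  => true,
    ),
);

$snippet = '<noscript><iframe src="https://www.googletagmanager.com/ns.html?id=123" '
    . 'height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>';

echo example_kses_with_css( $snippet, $allowed_html, array( 'display', 'visibility' ) );
```

Unlike restoring a placeholder after sanitizing, this keeps the style value inside the sanitizer, so any property not named in the extra list is still stripped.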