[wp-trac] [WordPress Trac] #43215: Allow wp_kses to pass allowed CSS properties
WordPress Trac
noreply at wordpress.org
Sat Nov 8 18:10:17 UTC 2025
#43215: Allow wp_kses to pass allowed CSS properties
-----------------------------+------------------------------
Reporter: mclaurent | Owner: (none)
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 4.9.2
Severity: normal | Resolution:
Keywords: | Focuses:
-----------------------------+------------------------------
Comment (by sarapalmer2352):
It seems that currently the only way to allow the "style" attribute from
showing is to write a filter for "safe_style_css" to add in the "display"
and "visibility" attributes, however this means that we are globally
altering this behavior, which in other scenarios would allow unexpected
HTML to appear (ie unsafe element properties). Even when removing the
items immediately after executing the code will not work because the
attribute may in the future be consider secure. This then causes an
inconsistent execution.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43215#comment:15>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list