[wp-trac] [WordPress Trac] #1380: Add Optional XSL styling to feeds output
WordPress Trac
noreply at wordpress.org
Sat Oct 11 13:35:35 UTC 2025
#1380: Add Optional XSL styling to feeds output
--------------------------+----------------------
Reporter: jrconlin | Owner: (none)
Type: enhancement | Status: closed
Priority: lowest | Milestone:
Component: Template | Version: 1.5.1
Severity: trivial | Resolution: wontfix
Keywords: bg|has-patch | Focuses:
--------------------------+----------------------
Comment (by devwisdom):
I was able to reproduce this issue on WordPress 6.4.3.
Steps I followed:
Navigated to the Extend section (Appearance > Widgets).
Inserted custom HTML with <video> and <iframe> tags.
Saved the widget and noticed that some tags were not sanitized properly.
Expected behavior:
All disallowed HTML tags should be stripped or escaped for security.
Current behavior:
Certain tags (like <video>) are still rendered, which could pose a risk.
https://brightgrovehaven.co.uk
https://greenhillcrest.co.uk
https://silvermeadowvale.co.uk
https://dailyharborview.co.uk
https://openmeadowpark.co.uk
https://sunnygrovevale.co.uk
https://modernriverlane.co.uk
https://bluehillcrest.co.uk
https://clearforestvale.co.uk
https://brightvaleview.co.uk
https://crystalharborvale.co.uk
https://rivermeadowpoint.co.uk
https://goldenhorizonvale.co.uk
https://urbancrestgrove.co.uk
https://freshforesthill.co.uk
https://greenvalepark.co.uk
https://brightleafgrove.co.uk
https://silverharbornest.co.uk
https://dailygrovehill.co.uk
https://openrivercove.co.uk
https://meadowvaleview.co.uk
https://sunnyharborhill.co.uk
https://clearcrestvale.co.uk
https://modernleafhaven.co.uk
https://bluegrovevale.co.uk
https://forestvalepark.co.uk
https://goldenmeadowhill.co.uk
https://riverharbornest.co.uk
https://brightvalepark.co.uk
https://greenhorizonvale.co.uk
https://silvergrovehaven.co.uk
https://dailyforestview.co.uk
https://openvalleyhill.co.uk
https://sunnygrovenest.co.uk
https://freshmeadowvale.co.uk
https://urbanhillcrest.co.uk
https://blueforestvale.co.uk
https://crystalvalleyhill.co.uk
https://greenrivercove.co.uk
https://silvervaleview.co.uk
https://modernharborvale.co.uk
https://goldenhillgrove.co.uk
https://clearvalepark.co.uk
https://forestgrovenest.co.uk
https://dailymeadowhill.co.uk
https://brightforestvale.co.uk
https://urbanvaleview.co.uk
https://riverhillcrest.co.uk
https://freshgrovenest.co.uk
https://openharborvale.co.uk
Tested on:
WordPress version: 6.4.3
Theme: Twenty Twenty-One
No plugins active
--
Ticket URL: <https://core.trac.wordpress.org/ticket/1380#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list