Problem with wp_kses()
I am working on making my plugin safer by using wp_kses() for escaping HTML output.
It appears that the style attribute display is always stripped. Is there a workaround for this other than custom style or the CSS file?
Where do I find what tag and style attributes can be added to the accepted items, i.c. can I expect other surprising behaviour like this?
In the example you will see that the two hidden squares show up in the second sequence, i.e. the sequence filtered by wp_kses().
Example code:

```php
<?php
// Four 100x100 squares; the last two are hidden with display:none.
$html = '<div style="height:100px;width:100px;background-color:blue;display:inline-block;float:left;" ></div>'
	. '<p style="height:100px;width:100px;background-color:green;display:inline-block;float:left;" ></p>'
	. '<div style="height:100px;width:100px;background-color:yellow;display:none;float:left;" ></div>'
	. '<p style="height:100px;width:100px;background-color:purple;display:none;float:left;" ></p>';

// First sequence: unfiltered output.
echo ( $html );
echo '<div style="clear:both" ></div>';

// Allow only div and p, each with a style attribute.
$allowed = array(
	'div' => array(
		'style' => true,
	),
	'p' => array(
		'style' => true,
	),
);

// Second sequence: output filtered by wp_kses().
echo wp_kses( $html, $allowed );
```
Viewing 3 replies - 1 through 3 (of 3 total)
- The topic ‘Problem with wp_kses()’ is closed to new replies.
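
Added example, not part of the original thread: wp_kses() passes every style attribute through safecss_filter_attr() (in wp-includes/kses.php), which keeps only the CSS properties on the list exposed by the `safe_style_css` filter, so a property is admitted by extending that list. The code assumes WordPress is loaded; the `myplugin_*` function names and the sample markup are hypothetical.

```php
<?php
// Added example, not from the original thread. Assumes it runs inside
// WordPress (plugin or theme code), where wp_kses(), add_filter() and
// remove_filter() are defined. The myplugin_* names are hypothetical.

/**
 * Callback for the core `safe_style_css` filter: append `display` to the
 * CSS properties that safecss_filter_attr() keeps in style attributes.
 */
function myplugin_allow_display( $properties ) {
	$properties[] = 'display';
	return $properties;
}

/**
 * Run wp_kses() with `display` permitted for this one call only, so every
 * other wp_kses() caller on the site keeps the default property list.
 */
function myplugin_kses_with_display( $html ) {
	// Tag and attribute allowlist, same shape as in the post above.
	$allowed = array(
		'div' => array( 'style' => true ),
		'p'   => array( 'style' => true ),
	);

	add_filter( 'safe_style_css', 'myplugin_allow_display' );
	$clean = wp_kses( $html, $allowed );
	remove_filter( 'safe_style_css', 'myplugin_allow_display' );

	return $clean;
}

// Constructed sample input: hidden elements plus an event handler attribute
// and a script tag, neither of which is in $allowed.
$html = '<div style="width:100px;background-color:yellow;display:none;float:left;"></div>'
	. '<p style="display:none" onclick="alert(1)">text</p>'
	. '<script>alert(1)</script>';

echo myplugin_kses_with_display( $html );
```

Adding and removing the filter around the single call keeps the wider property list from applying to other content, such as comments or post bodies, that is filtered elsewhere with the default list.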