Support » Developing with WordPress » Problem with wp_kses()

  • I am working on making my plugin safer by using wp_kses() for escaping html output.

    It appears that the style attribute display is always stripped, is there a workaround for this other than custom style or the css file?
    Where do i find what tag and style attributes can be added to the accepted items, i.c. can i expect other surprising behaviour like this?

    In the example you will see that the two hidden squares show up in the second sequence, i.e. the sequence filtered by wp_kses().
    Example code:

    
    <?php
    $html = '<div style="height:100px;width:100px;background-color:blue;display:inline-block;float:left;" ></div>' .
    		'<p style="height:100px;width:100px;background-color:green;display:inline-block;float:left;" ></p>' .
    		'<div style="height:100px;width:100px;background-color:yellow;display:none;float:left;" ></div>' .
    		'<p style="height:100px;width:100px;background-color:purple;display:none;float:left;" ></p>';
    echo ( $html );
    
    echo '<div style="clear:both" ></div>';
    $allowed = array(
    				'div' => array(
    					'style' => true,
    					),
    				'p' => array(
    					'style' => true,
    					),	
    				);
    echo wp_kses( $html, $allowed );
    
Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Problem with wp_kses()’ is closed to new replies.