
Where do we use wp_kses? Where should we use it? #1172

Open
4 tasks
benlk opened this issue Mar 17, 2016 · 2 comments

Comments


benlk commented Mar 17, 2016

From #1168:

I'm not necessarily opposed to using wp_kses here (although I think it's overkill) but if we do it here...why aren't we using it for every text field in the theme options? For category/term descriptions? Everywhere else? It would make a lot more sense to have a globally allowed list of tags for user-entered description text. It's weird to make this the only exception and then it also makes the docs here way too heavy-handed. This should be re-thought.

Questions:

  • what text fields do we sanitize with wp_kses or similar functions?
  • what text fields do we not sanitize?
  • what text fields should we sanitize?
  • what level of sanitization should each text field use?

This might require a spreadsheet. 😢
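One concrete shape for the "globally allowed list of tags" the quoted comment argues for, as an added example rather than code from this issue or the theme: a single allowlist applied through wp_kses() to both a theme option (the option name `example_site_tagline` and settings group are hypothetical) and to category/term descriptions, and applied when the value is saved rather than on every render, which is also the point of the wp_kses() performance article linked in this thread.

```php
<?php
// Added example, not project code: one shared allowlist for every
// user-entered description-style text field, enforced on save.

/**
 * The one allowlist used for all description text.
 * Assumption: inline formatting and links are all these fields need;
 * anything richer should be a deliberate, documented exception.
 */
function example_description_allowed_html() {
    return array(
        'a'      => array( 'href' => true, 'title' => true, 'rel' => true ),
        'em'     => array(),
        'strong' => array(),
        'br'     => array(),
    );
}

/**
 * Sanitize one description field against the shared allowlist.
 * wp_kses() drops tags and attributes not in the list and normalises
 * the rest, so what is stored is exactly what the list permits.
 */
function example_sanitize_description( $text ) {
    return wp_kses( (string) $text, example_description_allowed_html() );
}

// 1. Theme option: the sanitize callback runs once, when the option is
//    saved. Templates then read a value that already matches the list,
//    instead of paying for a kses pass on every page load.
//    'example_theme_options' / 'example_site_tagline' are hypothetical names.
add_action( 'admin_init', function () {
    register_setting(
        'example_theme_options',
        'example_site_tagline',
        'example_sanitize_description'
    );
} );

// 2. Category/term descriptions go through the same list. Core runs
//    'pre_term_description' before the description is written, so this
//    filter narrows what is stored without touching the edit screens.
add_filter( 'pre_term_description', 'example_sanitize_description' );
```

Every field that accepts description text points at the same list, so the per-field question in the bullets above reduces to "is this field a description field or a deliberate exception".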


benlk commented Apr 11, 2016

#1196 is a documentation improvement that will hopefully help prevent the necessity of wp_kses.

@rclations

Some useful info on wp_kses(): https://www.tollmanz.com/wp-kses-performance/

@benlk benlk removed this from the Backlog milestone Apr 26, 2019