Privacy: Be less restrictive of the HTML tags allowed in user data exports.
Previously, only `a` and `br` tags were allowed in the `value` table cell for each field included in the HTML file generated when a user is exporting their personal data. Instead of relying on a hardcoded list of allowed tags, the `wp_kses()` call in `wp_privacy_generate_personal_data_export_group_html()` will now fallback to the default list of allowed tags (which includes `i`, `strong`, `em`, and other basic HTML formatting tags). Also, a new context of `personal_data_export` will now be passed to the `wp_kses()` call. As a result, the list of HTML tags and attributes allowed in the export file can now be filtered using the `wp_kses_allowed_html` filter and checking for the `personal_data_export` context. Fixes #44044. Props tz-media, desrosj, pento, birgire, garrett-eclipse. Built from https://develop.svn.wordpress.org/trunk@44824 git-svn-id: http://core.svn.wordpress.org/trunk@44656 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
desrosj
@@ -13,7 +13,7 @@
|
||||
*
|
||||
* @global string $wp_version
|
||||
*/
|
||||
$wp_version = '5.2-alpha-44823';
|
||||
$wp_version = '5.2-alpha-44824';
|
||||
|
||||
/**
|
||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||
|
||||
Reference in New Issue
Block a user