From cab053271e272a21b4d140e50ac0d6a78094ecd5 Mon Sep 17 00:00:00 2001 From: Peter Wilson Date: Thu, 31 Mar 2022 03:52:31 +0000 Subject: [PATCH] KSES: Document HTML allow list is in lowercase. Expand documentation of the `wp_kses_allowed_html` hook to indicate that developers must add permitted HTML tags and attributes in lowercase for KSES to recognise they are permitted. Props r-a-y, SergeyBiryukov, peterwilsoncc. Fixes #55407. See #53399. git-svn-id: https://develop.svn.wordpress.org/trunk@53034 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/kses.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/wp-includes/kses.php b/src/wp-includes/kses.php index 03a4881fb3..b32df1beaa 100644 --- a/src/wp-includes/kses.php +++ b/src/wp-includes/kses.php @@ -820,6 +820,10 @@ function wp_kses_allowed_html( $context = '' ) { /** * Filters the HTML tags that are allowed for a given context. * + * HTML tags and attribute names are case-insensitive in HTML but must be + * added to the KSES allow list in lowercase. An item added to the allow list + * in upper or mixed case will not recognized as permitted by KSES. + * * @since 3.5.0 * * @param array[] $html Allowed HTML tags.