remcotolsma
commented
11 months ago HTML is limited to:
[
'a' => [
'href' => true,
'target' => true,
],
'br' => [],
'code' => [],
]- https://github.com/pronamic/wp-pronamic-pay-adyen/blob/73985eb0082ee424febc9d98a24a28332828e16f/src/Integration.php#L222-L413
- https://github.com/pronamic/wp-pronamic-pay-ideal/blob/9ab8fca9d8b471353d9e300ac50a73ced4256658/src/AbstractIntegration.php#L32-L106
- https://github.com/pronamic/wp-pronamic-pay-omnikassa-2/blob/d09ad0e964f907625e11d66dd227a92299da092e/src/Integration.php#L186-L265
- https://github.com/pronamic/wp-pronamic-pay-ideal-advanced-v3/blob/627ef2e610ab1426127a33fa346f28e92e35a78a/src/Integration.php#L63-L214
- https://github.com/pronamic/wp-pronamic-pay-buckaroo/blob/69359af86d8d637dd5f357e2f4fb9102697c82b9/src/Integration.php#L123-L206
- https://github.com/pronamic/wp-pronamic-pay-payvision/blob/509bd91f2c3751b2491106154a7d6e378b5d650c/src/Integration.php#L92-L177
- https://github.com/pronamic/wp-pronamic-pay-icepay/blob/e3443e88eb4fbd52d8e7eaf0d692039f44160a7e/src/Integration.php#L51-L144
- https://github.com/pronamic/wp-pronamic-pay-ems-e-commerce/blob/883e2a78dd85e149c5a5d90be234cac95b3e1226/src/Integration.php#L61-L141
- https://github.com/pronamic/wp-pronamic-pay-mollie/blob/db6e935910d7077c158f5817ced143c506716cc5/src/Integration.php#L157-L208
We currently do not escape gateway integration settings field descriptions:
https://github.com/pronamic/wp-pay-core/blob/8382cc083a42cf8ff5987c9a54bb8b483398b9fa/views/meta-box-gateway-settings.php#L412-L417
The WordPress.org plugin review team is currently stumbling over this:
Discussed with @rvdsteege at @pronamic HQ, we are going to restrict the use of HTML elements and attributes via
wp_kses(https://developer.wordpress.org/reference/functions/wp_kses/).We will look at which HTML elements are currently in use: https://github.com/search?q=org%3Apronamic+%27description%27+path%3AIntegration.php&type=code