diff --git a/wp-includes/kses.php b/wp-includes/kses.php index 8be3f79d56..407a8f5d08 100644 --- a/wp-includes/kses.php +++ b/wp-includes/kses.php @@ -184,15 +184,6 @@ if ( ! CUSTOM_TAGS ) { 'lang' => true, 'xml:lang' => true, ), - 'form' => array( - 'action' => true, - 'accept' => true, - 'accept-charset' => true, - 'enctype' => true, - 'method' => true, - 'name' => true, - 'target' => true, - ), 'h1' => array( 'align' => true, ), @@ -612,6 +603,7 @@ function wp_kses_one_attr( $string, $element ) { * Return a list of allowed tags and attributes for a given context. * * @since 3.5.0 + * @since 5.0.1 `form` removed as allowable HTML tag. * * @global array $allowedposttags * @global array $allowedtags @@ -641,7 +633,27 @@ function wp_kses_allowed_html( $context = '' ) { switch ( $context ) { case 'post': /** This filter is documented in wp-includes/kses.php */ - return apply_filters( 'wp_kses_allowed_html', $allowedposttags, $context ); + $tags = apply_filters( 'wp_kses_allowed_html', $allowedposttags, $context ); + + // 5.0.1 removed the `