template styling with tags gets stripped on save

Can you give me some additional context about where you’re using this, so I can check it out? I’d like to know specifically which field you’re using this in.

Thank you for your reply. The full template as intended is:

<div class="list-date">
<a href="{linking}" target="_blank">
<div class="list-date-wrap" style="background-color:{color};">
<strong>{date}</strong><br />
<div class="list-text">{time} - {endtime} uur</div>
<div class="list-loc">{location}</div>
</div></a>
</div>
<div class="list-info">
<h3><a href="{linking}" target="_blank">{title}</a></h3>
<div class="list-text">{description}</div>
</div>

The problem is with the third line, the div style is stripped on save, resulting in this:

<div class="list-date">
<a href="{linking}" target="_blank">
<div class="list-date-wrap">
<strong>{date}</strong><br />
<div class="list-text">{time} - {endtime} uur</div>
<div class="list-loc">{location}</div>
</div></a>
</div>
<div class="list-info">
<h3><a href="{linking}" target="_blank">{title}</a></h3>
<div class="list-text">{description}</div>
</div>

But when I replace {color} with a hex code, it is saved. All other {xxx} codes are saved as well.

As I said, it was an existing template that has worked fine for years, so saving this code worked fine in the past.

Hope you can clarify.

• This reply was modified 1 year, 4 months ago by StickyPixels.
• This reply was modified 1 year, 4 months ago by StickyPixels.

Turns out this is because wp_kses disallows curly braces in style attributes. But I can work around it without compromising the security of the sanitization by removing the template tags and restoring them after sanitizing, so that fix will be in the next release.

Thank you for your clarification, I guess that’s a new WP feature then. Looking forward to your fix, thanks in advance.