[wp-trac] Re: [WordPress Trac] #3592: Links with double-quotes fail
to validate
WordPress Trac
wp-trac at lists.automattic.com
Wed Jan 17 19:33:19 GMT 2007
#3592: Links with double-quotes fail to validate
-------------------------------+--------------------------------------------
Reporter: irayo | Owner: anonymous
Type: defect | Status: new
Priority: low | Milestone: 2.2
Component: General | Version: 2.0.7
Severity: minor | Resolution:
Keywords: reporter-feedback |
-------------------------------+--------------------------------------------
Changes (by foolswisdom):
* milestone: => 2.2
Comment:
charleshooper, great work!
I wrote I failed to reproduce because I got distracted and focused by the
claim of a vulnability. Although I was able to reproduce invalid html, I
could not find an exploit.
MarkJaquith emailed wp-hackers "Authors without the unfiltered_html
capability have their posts
filtered by KSES, eliminating the XSS risk. This is just an issue of
XHTML validation."
--
Ticket URL: <http://trac.wordpress.org/ticket/3592#comment:4>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list