[wp-trac] [WordPress Trac] #44724: KSES: Allow 'download' attribute for links
WordPress Trac
noreply at wordpress.org
Mon Oct 22 05:39:05 UTC 2018
#44724: KSES: Allow 'download' attribute for links
--------------------------------------+------------------------
Reporter: SergeyBiryukov | Owner: chriscct7
Type: enhancement | Status: accepted
Priority: normal | Milestone: 5.0
Component: Formatting | Version:
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests | Focuses:
--------------------------------------+------------------------
Comment (by pento):
We don't need to remove the `download` attribute entirely. If we just
restrict it to being set (but not given a value), that removes the
security issues.
For sites that use a CDN for hosting uploads, it's possible to use a file
passthrough handler to add the `Content-Disposition: attachment` header,
forcing the file to be a download.
This ticket doesn't need an update until
[https://github.com/WordPress/gutenberg/pull/10693 GB#10693] is resolved,
which will change the behaviour of the file block to match.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44724#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
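
One way to apply the restriction described in the comment above, keeping `download` on links only as a flag with no value, shown as an added PHP example that is not WordPress core code or the ticket's patch. It uses PHP's DOM extension rather than KSES; the function name and the sample markup are constructed.

```php
<?php
// Added example, not WordPress core code.
// example_valueless_download() is a hypothetical helper name.

/**
 * Keep `download` on links only as a flag: any author-supplied value
 * (a suggested filename) is discarded, the attribute itself stays.
 */
function example_valueless_download( string $html ): string {
    $prev = libxml_use_internal_errors( true ); // tolerate HTML5 tags and sloppy markup
    $doc  = new DOMDocument();
    // The meta prefix makes libxml read the fragment as UTF-8.
    $doc->loadHTML(
        '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">'
        . '<body>' . $html . '</body>'
    );
    libxml_clear_errors();
    libxml_use_internal_errors( $prev );

    foreach ( $doc->getElementsByTagName( 'a' ) as $a ) {
        if ( $a->hasAttribute( 'download' ) ) {
            // An empty value carries no filename, so only the flag survives.
            $a->setAttribute( 'download', '' );
        }
    }

    // Serialise only the fragment, not the wrapper document.
    $out  = '';
    $body = $doc->getElementsByTagName( 'body' )->item( 0 );
    if ( null !== $body ) {
        foreach ( $body->childNodes as $child ) {
            $out .= $doc->saveHTML( $child );
        }
    }
    return $out;
}

// Constructed sample input: one link with a value, one bare flag, one plain link.
echo example_valueless_download(
    '<p><a href="https://cdn.example/report.pdf" download="invoice.exe">Report</a> '
    . '<a href="/a.zip" download>Zip</a> <a href="/page">Page</a></p>'
), "\n";
```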