[wp-trac] [WordPress Trac] #46878: Site Health: Allow 'target' in 'a' tags in the debug data description
WordPress Trac
noreply at wordpress.org
Thu Apr 18 05:39:47 UTC 2019
#46878: Site Health: Allow 'target' in 'a' tags in the debug data description
------------------------------------------------+---------------------
Reporter: kraftbj | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: 5.2
Component: Administration | Version: trunk
Severity: normal | Resolution:
Keywords: has-patch site-health dev-feedback | Focuses:
------------------------------------------------+---------------------
Changes (by pento):
* keywords: has-patch site-health commit => has-patch site-health dev-
feedback
Comment:
@Clorith: Can you provide some context for why it's being run through
KSES? Anything that's able to hook into the `debug_information` filter
will be able to print its own arbitrary HTML, so it doesn't seem like
there'd be any security benefit.
If a plugin wants to add ridiculous HTML, I don't think there's much we
can realistically do about that. Instead of adding it directly to the
description, they'd just have to write a little bit of JS to alter the
HTML in the browser, instead.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/46878#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list