[wp-trac] [WordPress Trac] #53020: Stored XSS via «View details» plugin iFrame
WordPress Trac
noreply at wordpress.org
Mon Apr 12 17:06:19 UTC 2021
#53020: Stored XSS via «View details» plugin iFrame
--------------------------+-----------------------------
Reporter: m0ze | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 5.8
Component: Security | Version: trunk
Severity: normal | Resolution:
Keywords: needs-patch | Focuses: administration
--------------------------+-----------------------------
Changes (by SergeyBiryukov):
* milestone: Awaiting Review => 5.8
Comment:
Hi there, welcome to WordPress Trac! Thanks for the report.
I think we'd want to use `esc_html()` here instead of `strip_tags()`, for
consistency with how contributor names are [source:tags/5.7/src/wp-
admin/includes/plugin-install.php?marks=781#L771 escaped earlier]. Looks
good to me otherwise.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/53020#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list