[wp-trac] [WordPress Trac] #58765: the_block_template_skip_link() - XSS vulnerability - Apply FIX

WordPress Trac noreply at wordpress.org
Sat Jul 8 12:14:25 UTC 2023


#58765: the_block_template_skip_link() - XSS vulnerability - Apply FIX
-------------------------------+------------------------------
 Reporter:  micromadness       |       Owner:  (none)
     Type:  enhancement        |      Status:  new
 Priority:  normal             |   Milestone:  Awaiting Review
Component:  Security           |     Version:  6.2.2
 Severity:  normal             |  Resolution:
 Keywords:  changes-requested  |     Focuses:
-------------------------------+------------------------------

Comment (by micromadness):

 Alternative solution:

 Use a policy which can create TrustedHTML.

 This would allow all WordPress users to implement the Content Security
 Policy (CSP)  require-trusted-types-for ‘script’;

 also if they use scripts which need "innerHTML".

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/58765#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list