[wp-hackers] Why kses filtered html strips class?
Otto
otto at ottodestruct.com
Fri Aug 3 17:53:29 GMT 2007
On 8/2/07, Chris <chris.hearn01 at ntlworld.com> wrote:
> Still dont understand why WP whacks it tho!
Because class is a security risk. So is style and such. With access to
classes and/or styles, it's possible to absolutely position some text
or other code elsewhere on the page. Perhaps overwriting a login form
or something else, and thus allowing one of your editors to trick
somebody into giving up information. There's other ways to do bad
things with class too, the point is that if they have unfettered
access to class adjustment then they can potentially change your site
in insecure ways.
More information about the wp-hackers
mailing list