[wp-meta] [Making WordPress.org] #5464: Plugin Directory: Prevent SVN uploads of animated banners and icons
Making WordPress.org
noreply at wordpress.org
Fri Oct 23 07:21:27 UTC 2020
#5464: Plugin Directory: Prevent SVN uploads of animated banners and icons
------------------------------+---------------------
Reporter: Ipstenu | Owner: (none)
Type: defect | Status: new
Priority: normal | Milestone:
Component: Plugin Directory | Resolution:
Keywords: |
------------------------------+---------------------
Changes (by dd32):
* keywords: has-patch =>
Comment:
Of course, as soon as I posted that, I realised that simply serving the
SVG as `Content-Disposition: attachment` would probably work around the
XSS issues, but I'm still not convinced that it's the right move.
I've uploaded a PR of that for later reference if that's the route that
gets taken.
I still think that blocking the import of assets we don't want around is
probably the better move.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/5464#comment:10>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list