[wp-meta] [Making WordPress.org] #5464: Plugin Directory: Prevent SVN uploads of animated banners and icons

Making WordPress.org noreply at wordpress.org
Fri Oct 23 07:21:27 UTC 2020


#5464: Plugin Directory: Prevent SVN uploads of animated banners and icons
------------------------------+---------------------
 Reporter:  Ipstenu           |       Owner:  (none)
     Type:  defect            |      Status:  new
 Priority:  normal            |   Milestone:
Component:  Plugin Directory  |  Resolution:
 Keywords:                    |
------------------------------+---------------------
Changes (by dd32):

 * keywords:  has-patch =>


Comment:

 Of course, as soon as I posted that, I realised that simply serving the
 SVG as `Content-Disposition: attachment` would probably work around the
 XSS issues, but I'm still not convinced that it's the right move.

 I've uploaded a PR of that for later reference if that's the route that
 gets taken.

 I still think that blocking the import of assets we don't want around is
 probably the better move.

-- 
Ticket URL: <https://meta.trac.wordpress.org/ticket/5464#comment:10>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
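
Added example, not part of the ticket or of the Plugin Directory's own code: one way the "block at import" option from the comment above could inspect asset bytes instead of trusting the file extension. The function names, the constructed sample GIF, and the choice to refuse SVG and animated GIF/APNG are assumptions made for illustration.

```python
import struct

def gif_frame_count(data: bytes) -> int:
    """Count image descriptors in a GIF by walking its block structure."""
    packed = data[10]                                 # logical screen flags
    pos = 13 + (3 * (2 << (packed & 7)) if packed & 0x80 else 0)
    frames = 0
    while pos < len(data) and data[pos] != 0x3B:      # 0x3B = trailer
        if data[pos] == 0x2C:                         # image descriptor
            frames += 1
            lpacked = data[pos + 9]                   # local color table flags
            pos += 10 + (3 * (2 << (lpacked & 7)) if lpacked & 0x80 else 0)
            pos += 1                                  # LZW minimum code size
        elif data[pos] == 0x21:                       # extension block
            pos += 2                                  # introducer + label
        else:
            raise ValueError("malformed GIF")
        while data[pos]:                              # skip data sub-blocks
            pos += data[pos] + 1
        pos += 1                                      # sub-block terminator
    return frames

def png_is_animated(data: bytes) -> bool:
    """APNG signals animation with an acTL chunk before the first IDAT."""
    pos = 8                                           # skip PNG signature
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if ctype in (b"acTL", b"IDAT"):
            return ctype == b"acTL"
        pos += 12 + length                            # length + type + crc
    return False

def classify_asset(data: bytes) -> str:
    """Return 'ok' or the reason the asset would be refused at import."""
    try:
        if data[:6] in (b"GIF87a", b"GIF89a"):
            return "animated-gif" if gif_frame_count(data) > 1 else "ok"
        if data[:8] == b"\x89PNG\r\n\x1a\n":
            return "animated-png" if png_is_animated(data) else "ok"
    except (IndexError, ValueError):
        return "malformed"                            # fail closed
    if b"<svg" in data[:1024].lower():                # heuristic SVG sniff
        return "svg"
    return "ok"

def sample_gif(frames: int) -> bytes:
    """Constructed 1x1 GIF with the given number of frames (test input)."""
    hdr = b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0) + b"\x00" * 6
    frame = b"\x2c" + struct.pack("<HHHHB", 0, 0, 1, 1, 0) + b"\x02\x02\x44\x01\x00"
    return hdr + frame * frames + b"\x3b"
```

A truncated or unparseable GIF is reported as "malformed" rather than passed through, so a file that cannot be fully walked is refused.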