[wp-meta] [Making WordPress.org] #6832: Upload of .vtt file refused
Making WordPress.org
noreply at wordpress.org
Mon Mar 6 04:54:51 UTC 2023
#6832: Upload of .vtt file refused
--------------------------+---------------------
Reporter: jdy68 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone:
Component: HelpHub | Resolution:
Keywords: |
--------------------------+---------------------
Comment (by dd32):
For security purposes, `*.vtt` wouldn't be currently on the allow list,
due to the potential contents of the files. For example, https://owasp.org
/www-community/attacks/Xss_in_subtitle
Before we can move forward with this, someone is going to need to bring
over the sanitizer from WordPress.TV or another project to allow
sanitisation of the uploaded subtitle files.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/6832#comment:1>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list