[wp-trac] Re: [WordPress Trac] #3299: clean_url() not working for non-HTTP URLS
WordPress Trac
wp-trac at lists.automattic.com
Mon Jul 2 12:54:17 GMT 2007
#3299: clean_url() not working for non-HTTP URLS
-------------------------+--------------------------------------------------
 Reporter:  redclown     |        Owner:  pishmishy
     Type:  defect       |       Status:  assigned
 Priority:  normal       |    Milestone:  2.4 (future)
Component:  General      |      Version:  2.3
 Severity:  normal       |   Resolution:
 Keywords:  needs-patch  |
-------------------------+--------------------------------------------------
Changes (by westi):
* keywords: has-patch => needs-patch
Comment:
-1 to current patch
If we are to support other types of url in clean_url then they should be
whitelisted.
clean_url is used to sanitise things like commenter urls so we must ensure
that things like javascript cannot be used to stop possible XSS attacks.
--
Ticket URL: <http://trac.wordpress.org/ticket/3299#comment:8>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
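
The allowlist approach the comment asks for, next to a denylist for contrast, as an added example in PHP. It is not the patch under review and not WordPress's clean_url(); the function names and the default scheme list are assumptions.

```php
<?php
// Added example: hypothetical helpers, not WordPress code.

// Weak form: reject one known-bad scheme. Anything not listed gets through.
function example_denylist_url(string $url): string
{
    return stripos(ltrim($url), 'javascript:') === 0 ? '' : $url;
}

// Allowlist form: keep the URL only if its scheme is explicitly permitted.
// The default scheme list is an assumption for this example.
function example_allowlist_url(
    string $url,
    array $allowed = ['http', 'https', 'ftp', 'mailto']
): string {
    // Browsers drop tabs and newlines anywhere in a URL and ignore leading
    // and trailing control characters and spaces, so remove them first.
    $clean = trim(preg_replace('/[\x00-\x1F\x7F]+/', '', $url));

    // No "scheme:" prefix: treat as a relative URL and keep it.
    // A bare "host:port/path" looks like a scheme and is rejected (fails closed).
    if (!preg_match('/^([a-z][a-z0-9+.\-]*):/i', $clean, $m)) {
        return $clean;
    }
    return in_array(strtolower($m[1]), $allowed, true) ? $clean : '';
}

// Constructed sample inputs.
$samples = [
    'http://example.com/',
    'mailto:someone@example.com',
    'JavaScript:alert(1)',
    "java\tscript:alert(1)",
    'data:text/html,x',
    '/relative/path',
];

foreach ($samples as $url) {
    printf(
        "%-30s denylist=%-26s allowlist=%s\n",
        json_encode($url, JSON_UNESCAPED_SLASHES),
        json_encode(example_denylist_url($url), JSON_UNESCAPED_SLASHES),
        json_encode(example_allowlist_url($url), JSON_UNESCAPED_SLASHES)
    );
}
```

The denylist passes the tab-split and `data:` inputs unchanged, while the allowlist returns an empty string for every scheme it was not told to accept. The returned value is still untrusted text and needs HTML-escaping (for example with `htmlspecialchars()`) when it is written into an attribute.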