[wp-trac] Re: [WordPress Trac] #4409: KSES removes text after a non-tag less than sign
WordPress Trac
wp-trac at lists.automattic.com
Wed Jun 6 10:25:17 GMT 2007
#4409: KSES removes text after a non-tag less than sign
----------------------+-----------------------------------------------------
Reporter: mdawaffe | Owner: anonymous
Type: defect | Status: new
Priority: high | Milestone: 2.3 (trunk)
Component: General | Version: 2.2
Severity: critical | Resolution:
Keywords: |
----------------------+-----------------------------------------------------
Comment (by westi):
Replying to [comment:1 mdawaffe]:
> 4409.diff: a possible solution.
>
> 1. Tweaks a kses regex.
> 2. Converts
> This will need some serious testing to ensure it doesn't open any
> security holes.
Is it worth taking an alternative approach to this and adding a new filter
to post/comment content before the kses filter which converts lone < and >
to &gt; and &lt; so as to not deviate from the standard kses code and
preserve the current level of security?
--
Ticket URL: <http://trac.wordpress.org/ticket/4409#comment:4>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
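
The pre-kses filter proposed in the comment above could look like the following. This is an added example, not code from the ticket, from 4409.diff or from WordPress. The function name, the tag pattern and the choice of priority 9 (assuming kses is hooked at the default priority 10 on these two filters) are assumptions.

```php
<?php
/**
 * Escape angle brackets that are not part of a complete tag, so the
 * unmodified kses code never sees a stray "<" or ">".
 * Hypothetical helper: the name and the tag pattern are assumptions.
 */
function example_escape_lone_angle_brackets( $content ) {
    // A "tag" here is "<", an optional "/", a letter, then anything up to
    // the next ">" with no other angle bracket in between. Everything
    // else is treated as text. Comments and "<!" declarations are not
    // matched, so they end up escaped as text.
    $parts = preg_split(
        '#(</?[a-zA-Z][^<>]*>)#',
        $content,
        -1,
        PREG_SPLIT_DELIM_CAPTURE
    );

    foreach ( $parts as $i => $part ) {
        // With one capture group, odd indexes hold the matched tags.
        if ( 1 === $i % 2 ) {
            continue; // left untouched: kses still decides allow or strip
        }
        // Text segment: any bracket found here is a lone one.
        $parts[ $i ] = str_replace(
            array( '<', '>' ),
            array( '&lt;', '&gt;' ),
            $part
        );
    }

    return implode( '', $parts );
}

if ( function_exists( 'add_filter' ) ) {
    // Inside WordPress: run just before the kses filters (assumed priority 10).
    add_filter( 'pre_comment_content', 'example_escape_lone_angle_brackets', 9 );
    add_filter( 'content_save_pre', 'example_escape_lone_angle_brackets', 9 );
} else {
    // Stand-alone run on a constructed sample string.
    echo example_escape_lone_angle_brackets( '1 < 2, <b>bold</b>, 3 > 2 and a trailing <' ), "\n";
}
```

The filter only ever turns markup into text, never the reverse, so kses receives a subset of the tags it would have seen anyway. A ">" inside a quoted attribute value ends the tag match early, and the remainder is escaped as text.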