[wp-trac] Re: [WordPress Trac] #3986: XSS in wp_nonce_ays

WordPress Trac wp-trac at lists.automattic.com
Sat Mar 17 08:42:54 GMT 2007


#3986: XSS in wp_nonce_ays
-----------------------------+----------------------------------------------
 Reporter:  xknown           |        Owner:  anonymous
     Type:  defect           |       Status:  new      
 Priority:  highest omg bbq  |    Milestone:  2.1.3    
Component:  Security         |      Version:  2.1.2    
 Severity:  normal           |   Resolution:           
 Keywords:  has-patch        |  
-----------------------------+----------------------------------------------
Comment (by ryan):

 We're using clean_url instead of attribute_escape for content that goes in
 an href or src.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/3986#comment:3>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list