[wp-trac] Re: [WordPress Trac] #3986: XSS in wp_nonce_ays
WordPress Trac
wp-trac at lists.automattic.com
Sat Mar 17 08:42:54 GMT 2007
#3986: XSS in wp_nonce_ays
-----------------------------+----------------------------------------------
Reporter: xknown | Owner: anonymous
Type: defect | Status: new
Priority: highest omg bbq | Milestone: 2.1.3
Component: Security | Version: 2.1.2
Severity: normal | Resolution:
Keywords: has-patch |
-----------------------------+----------------------------------------------
Comment (by ryan):
We're using clean_url instead of attribute_escape for content that goes in
an href or src.
--
Ticket URL: <http://trac.wordpress.org/ticket/3986#comment:3>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list