[wp-trac] [WordPress Trac] #6583: kses Allows Invalid Unicode Numeric Entities
WordPress Trac
wp-trac at lists.automattic.com
Fri Apr 4 06:46:58 GMT 2008
#6583: kses Allows Invalid Unicode Numeric Entities
----------------------+-----------------------------------------------------
Reporter: schiller | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.7
Component: General | Version:
Severity: normal | Keywords:
----------------------+-----------------------------------------------------
wp_kses_normalize_entities() allows a user to type "" in a
comment. This is not properly escaped as "". For bloggers
outputting true XHTML, this is disastrous. kses should be modified to
escape the ampersand in any numeric entity reference that is not a valid
Unicode character.
--
Ticket URL: <http://trac.wordpress.org/ticket/6583>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
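
The check the ticket asks for, sketched as an added example (not WordPress's own code, and not from the ticket reporter). It assumes "valid" means the XML 1.0 `Char` production, since the concern is XHTML output. The `example_*` function names and the sample string are constructed for illustration. Only numeric references are handled; named entities and bare ampersands are out of scope here.

```php
<?php
// Added example; the example_* names are hypothetical, not WordPress APIs.

/**
 * True if $cp is permitted by the XML 1.0 "Char" production, i.e. a code
 * point an XML/XHTML parser accepts as a numeric character reference.
 */
function example_is_xml_char(int $cp): bool
{
    return $cp === 0x9 || $cp === 0xA || $cp === 0xD
        || ($cp >= 0x20 && $cp <= 0xD7FF)       // excludes C0 controls and surrogates
        || ($cp >= 0xE000 && $cp <= 0xFFFD)     // excludes U+FFFE and U+FFFF
        || ($cp >= 0x10000 && $cp <= 0x10FFFF); // supplementary planes
}

/**
 * Keep valid numeric references as they are; for any other numeric reference,
 * rewrite the leading "&" to "&amp;" so it is emitted as literal text.
 */
function example_normalize_numeric_entities(string $text): string
{
    $out = preg_replace_callback(
        '/&#(?:[xX]([0-9A-Fa-f]+)|([0-9]+));/',
        static function (array $m): string {
            $is_hex = $m[1] !== '';
            $digits = ltrim($is_hex ? $m[1] : $m[2], '0');
            $escaped = '&amp;' . substr($m[0], 1);
            // More than 7 significant digits is always above U+10FFFF;
            // reject before converting so huge values cannot overflow.
            if (strlen($digits) > 7) {
                return $escaped;
            }
            $cp = $digits === '' ? 0 : (int) ($is_hex ? hexdec($digits) : $digits);
            return example_is_xml_char($cp) ? $m[0] : $escaped;
        },
        $text
    );
    // Fail closed: if PCRE reports an error, escape every ampersand.
    return $out ?? str_replace('&', '&amp;', $text);
}

// Constructed sample: one valid reference, then NUL, a C0 control, a lone
// surrogate, a noncharacter, a valid astral code point, and an oversized value.
$sample = 'It&#8217;s &#0; &#x1F; &#xD800; &#xFFFE; &#x1F600; &#99999999999;';
echo example_normalize_numeric_entities($sample), PHP_EOL;
```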