[wp-trac] Re: [WordPress Trac] #5917: Kses should apply bad-protocol check only to URI typed attributes

WordPress Trac wp-trac at lists.automattic.com
Wed Feb 27 10:13:20 GMT 2008


#5917: Kses should apply bad-protocol check only to URI typed attributes
----------------------------+-----------------------------------------------
 Reporter:  takayukister    |        Owner:  anonymous
     Type:  defect          |       Status:  new      
 Priority:  normal          |    Milestone:  2.6      
Component:  General         |      Version:  2.5      
 Severity:  normal          |   Resolution:           
 Keywords:  kses has-patch  |  
----------------------------+-----------------------------------------------
Comment (by takayukister):

 Andy, what kind of whitelist do you mean?

 Actually I was trying picking up attributes which can include colon
 safely, like <img alt="">, instead of picking away attributes with URI
 value like my first patch. But I eventually realized that most of
 attributes can include colon, not only CDATA and Text type, all ID and
 Name attributes can include colon as well [*], so I thought specifying all
 these attributes is not effective at that time.

 * http://www.w3.org/TR/html4/types.html#type-name

-- 
Ticket URL: <http://trac.wordpress.org/ticket/5917#comment:2>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list