[wp-trac] Re: [WordPress Trac] #5917: Kses should apply
bad-protocol check only to URI typed attributes
WordPress Trac
wp-trac at lists.automattic.com
Wed Feb 27 10:13:20 GMT 2008
#5917: Kses should apply bad-protocol check only to URI typed attributes
----------------------------+-----------------------------------------------
Reporter: takayukister | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.6
Component: General | Version: 2.5
Severity: normal | Resolution:
Keywords: kses has-patch |
----------------------------+-----------------------------------------------
Comment (by takayukister):
Andy, what kind of whitelist do you mean?
Actually I was trying picking up attributes which can include colon
safely, like <img alt="">, instead of picking away attributes with URI
value like my first patch. But I eventually realized that most of
attributes can include colon, not only CDATA and Text type, all ID and
Name attributes can include colon as well [*], so I thought specifying all
these attributes is not effective at that time.
* http://www.w3.org/TR/html4/types.html#type-name
--
Ticket URL: <http://trac.wordpress.org/ticket/5917#comment:2>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list