[wp-trac] [WordPress Trac] #9823: Allow 0xAD in URI attributes
WordPress Trac
wp-trac at lists.automattic.com
Thu May 14 22:04:33 GMT 2009
#9823: Allow 0xAD in URI attributes
--------------------------+-------------------------------------------------
Reporter: nbachiyski | Owner:
Type: defect (bug) | Status: new
Priority: low | Milestone: 2.9
Component: Validation | Version: 2.8
Severity: normal | Keywords: kses
--------------------------+-------------------------------------------------
kses strips 0xAD from URI attributes (see #4379 and #5917).
Given the more frequent use of unicode in addresses and the fact that this
byte appears in a lot of the UTF-8 representations, stripping it causes
many broken URLs.
I researched the issue and found only [http://marc.info/?l=full-
disclosure&m=112624614008387&w=2 one security problem] caused by this
byte: Mozilla <= 1.7.11/Firefox <= 1.5 Beta 1 didn't escape this byte
properly in Internationalized Domain Names.
The bug was fixed almost 4 years ago and everybody now is using newer
versions of Firefox, so I think we can safely remove the check.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/9823>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list