[wp-trac] [WordPress Trac] #10751: kses filter fields when displaying
WordPress Trac
wp-trac at lists.automattic.com
Wed Sep 9 21:07:54 UTC 2009
#10751: kses filter fields when displaying
--------------------------+-------------------------------------------------
Reporter: ryan            | Owner: ryan
Type: defect (bug)        | Status: new
Priority: normal          | Milestone: 2.9
Component: Security       | Version:
Severity: normal          | Keywords: has-patch
--------------------------+-------------------------------------------------
Comment(by azaozz):
Yes, was wondering if we should strip the naughty stuff or return an empty
string instead. The empty string could potentially break something but on
the other hand if somebody is trying an exploit the filtered string won't
be any good either. Another option would be to return some kind of
warning, perhaps `[content filtered]` or something when we are in the
admin.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10751#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software