[wp-trac] [WordPress Trac] #10237: Implement the new Mozilla feature to prevent XSS
WordPress Trac
wp-trac at lists.automattic.com
Thu Jan 7 16:43:39 UTC 2010
#10237: Implement the new Mozilla feature to prevent XSS
-------------------------------+--------------------------------------------
Reporter: Denis-de-Bernardy | Owner: ryan
Type: feature request | Status: new
Priority: normal | Milestone: 3.0
Component: Security | Version: 2.8
Severity: normal | Keywords: 2nd-opinion
-------------------------------+--------------------------------------------
Comment(by Denis-de-Bernardy):
I think that we need a filter for that value. The odds are strong that,
this year, someone somewhere will decide to put his js/css on a CDN in
order to improve performance. Or a plugin could very well use a js hosted
elsewhere (e.g. Google) to do its stuff. Etc.
Restricting this to "self" without any means to override it is a bit too
extreme.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10237#comment:11>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list