[wp-trac] [WordPress Trac] #10237: Implement the new Mozilla feature to prevent XSS

WordPress Trac wp-trac at lists.automattic.com
Tue Jan 12 18:24:50 UTC 2010


#10237: Implement the new Mozilla feature to prevent XSS
-------------------------------+--------------------------------------------
 Reporter:  Denis-de-Bernardy  |       Owner:  ryan
     Type:  feature request    |      Status:  new 
 Priority:  normal             |   Milestone:  3.0 
Component:  Security           |     Version:  2.8 
 Severity:  normal             |    Keywords:      
-------------------------------+--------------------------------------------

Comment(by bsterne):

 Replying to [comment:15 bsterne]:
 >  2. replace event-handling HTML attributes with externally-added event
 handlers, such as replacing

 My example code was written hastily.  An actual valid example would have
 been more like:
 {{{
 var cLinks = document.getElementsByClassName("vim-r");
 for (var i = 0; i < cLinks.length ; i++) {
   cLinks[i].onclick = function() {
     commentReply.open(this.getAttribute("cid"), this.getAttribute("pid"));
   };
 }
 }}}

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/10237#comment:17>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list