[wp-trac] [WordPress Trac] #10237: Implement the new Mozilla feature to prevent XSS
WordPress Trac
wp-trac at lists.automattic.com
Tue Jan 12 18:24:50 UTC 2010
#10237: Implement the new Mozilla feature to prevent XSS
-------------------------------+--------------------------------------------
Reporter: Denis-de-Bernardy | Owner: ryan
Type: feature request | Status: new
Priority: normal | Milestone: 3.0
Component: Security | Version: 2.8
Severity: normal | Keywords:
-------------------------------+--------------------------------------------
Comment(by bsterne):
Replying to [comment:15 bsterne]:
> 2. replace event-handling HTML attributes with externally-added event
handlers, such as replacing
My example code was written hastily. An actual valid example would have
been more like:
{{{
var cLinks = document.getElementsByClassName("vim-r");
for (var i = 0; i < cLinks.length ; i++) {
cLinks[i].onclick = function() {
commentReply.open(this.getAttribute("cid"), this.getAttribute("pid"));
};
}
}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10237#comment:17>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list