[wp-trac] [WordPress Trac] #12056: target="_blank" being stripped from Profile Bio and Category Description
WordPress Trac
noreply at wordpress.org
Sat Dec 7 10:00:41 UTC 2013
#12056: target="_blank" being stripped from Profile Bio and Category Description
--------------------------+-----------------------------
Reporter: lovewpmu | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future Release
Component: General | Version: 2.9.2
Severity: normal | Resolution:
Keywords: gsoc |
--------------------------+-----------------------------
Comment (by nofearinc):
Adding the target to the anchor array of `$allowedtags` would solve that
globally in kses.php after the default filters are applied in default-
filters.php, but I guess there might be a security risk with adding a
frame target to external location? I've uploaded a sample proof of concept
above.
Not sure if there is a way to globally allow a given value for an
attribute in `$allowedtags`.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/12056#comment:10>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list