[wp-trac] [WordPress Trac] #20421: Remove support for Netscape 4 from kses.php (because it's 2012)
WordPress Trac
noreply at wordpress.org
Wed Feb 12 22:37:33 UTC 2014
#20421: Remove support for Netscape 4 from kses.php (because it's 2012)
------------------------------------+------------------------------
Reporter: Ipstenu | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Resolution:
Keywords: has-patch dev-feedback | Focuses:
------------------------------------+------------------------------
Comment (by nacin):
As this is there for security reasons, its age may not be enough to remove
these. What do these HTML entities look like? Do any other browsers also
recognize them? Is this still a concern in the security community?
Applying this patch specifically breaks one of our unit tests based on
http://ha.ckers.org/xssAttacks.xml. (The first one, in fact.) Sounds like
"invalid" to me.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/20421#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list