[wp-trac] [WordPress Trac] #30920: Add support for JavaScript templates (Underscore) to wp_kses()
WordPress Trac
noreply at wordpress.org
Thu Jan 8 21:47:38 UTC 2015
#30920: Add support for JavaScript templates (Underscore) to wp_kses()
---------------------------+-----------------------
Reporter: stevegrunwell | Owner:
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: Formatting | Version: trunk
Severity: normal | Resolution: invalid
Keywords: kses close | Focuses: template
---------------------------+-----------------------
Changes (by nacin):
* status: new => closed
* resolution: => invalid
* milestone: Awaiting Review =>
Comment:
Aside from a separation of concerns issue that's been hashed out here
already, the other issue is that Underscore templates are, by their very
nature, JavaScript. They're insecure. Allowing them to be included would
allow JavaScript to be executed in potentially unintended ways.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/30920#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list