[wp-trac] [WordPress Trac] #32816: No or inadequate Custom Link URL validation
WordPress Trac
noreply at wordpress.org
Mon Dec 5 11:54:58 UTC 2016
#32816: No or inadequate Custom Link URL validation
-------------------------------------------------+-------------------------
Reporter: JanR | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 4.8
Component: Customize | Version: 4.3
Severity: normal | Resolution:
Keywords: good-first-bug has-patch needs-testing | Focuses: ui, javascript
-------------------------------------------------+-------------------------
Comment (by westonruter):

The PHP-based sanitization/validation needs to remain, as it is only the
server-side validation that ultimately matters for ensuring valid values
are saved. The JS validation can be easily bypassed.

I'm wary of attempting to include a full URL sanitization in JS that
completely matches and replicates what is in PHP. I think the JS
validation should be very rudimentary, just checking for `^https?://.+`.
Also, we need to ensure that `mailto:` links work.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/32816#comment:15>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
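
The rudimentary client-side check described in the comment above, as an added example that is not part of the original message or of WordPress core. `precheckLinkUrl`, the hint strings, the `mailto:` pattern and the input trimming are assumptions; the last sample shows a value that passes the pre-check and still depends on the server-side PHP sanitization.

```javascript
// Added example, not WordPress core code. precheckLinkUrl and the hint
// strings are hypothetical names chosen for illustration.
const HTTP_PATTERN = /^https?:\/\/.+/;   // the pattern quoted in the comment
const MAILTO_PATTERN = /^mailto:.+/;     // assumed equivalent so mailto: links pass

// Returns { ok, hint } for inline UI feedback only. A value that passes here
// is still untrusted: the server-side PHP sanitization decides what is saved.
function precheckLinkUrl(value) {
  const url = String(value == null ? '' : value).trim(); // trimming is an assumption
  if (url === '') {
    return { ok: false, hint: 'Enter a URL.' };
  }
  if (HTTP_PATTERN.test(url) || MAILTO_PATTERN.test(url)) {
    return { ok: true, hint: '' };
  }
  return { ok: false, hint: 'Start the URL with http://, https:// or mailto:.' };
}

// Constructed sample inputs (not taken from the ticket).
const SAMPLES = [
  'https://example.org/about',
  'mailto:editor@example.org',
  'example.org/about',        // no scheme: rejected by the pre-check
  'ftp://example.org/file',   // scheme outside the pattern: rejected
  'http://',                  // nothing after the scheme: rejected
  'http://not a valid host',  // passes the pre-check; server must still sanitize
];

// Runs the pre-check over a list and keeps only the pass/reject decision.
function precheckAll(values) {
  return values.map((v) => ({ value: v, ok: precheckLinkUrl(v).ok }));
}

for (const row of precheckAll(SAMPLES)) {
  console.log((row.ok ? 'pass  ' : 'reject') + '  ' + row.value);
}
```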