[wp-trac] [WordPress Trac] #33848: Protect against vulnerability in Netscape 4?
WordPress Trac
noreply at wordpress.org
Mon Sep 26 03:11:49 UTC 2016
#33848: Protect against vulnerability in Netscape 4?
-------------------------------------------------+-------------------------
Reporter: dmsnell | Owner: chriscct7
Type: enhancement | Status: assigned
Priority: normal | Milestone: 4.7
Component: Security | Version: 1.0
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests needs- | Focuses:
refresh | performance
-------------------------------------------------+-------------------------
Changes (by pento):
* keywords: has-patch has-unit-tests => has-patch has-unit-tests needs-
refresh
Comment:
This is one of my favourite tickets.
The idea has been tumbling around in my head for a while, I'm leaning
towards deprecating the function. The security benefit it provides is
negligible, it's nice to improve performance, however slight, and it's a
small step towards making `wp_kses()` fast enough to be usable.
For [attachment:no_js_entities.3.diff], instead of changing the behaviour
of `wp_kses_js_entities()`, we can just stop calling it, and move it to
`deprecated.php`. It also needs the addition of a `_deprecated_function()`
call. I like the additional explanation in the docblock, that should stay.
@dmsnell, would you mind updating the patch?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/33848#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list