[wp-trac] [WordPress Trac] #43187: Add content filter to make target="_blank" always secure
WordPress Trac
noreply at wordpress.org
Thu Feb 1 12:42:41 UTC 2018
#43187: Add content filter to make target="_blank" always secure
----------------------------------------+-----------------------------
Reporter: notnownikki | Owner:
Type: enhancement | Status: reopened
Priority: normal | Milestone: Future Release
Component: General | Version:
Severity: normal | Resolution:
Keywords: has-patch needs-unit-tests | Focuses:
----------------------------------------+-----------------------------
Comment (by iseulde):
@azaozz reminded me that `pre_kses` only works for users who are not
allowed to use unfiltered HTML, so this won't work for admins and editors.
:( I think the best way is to still use a save filter such as kses (not
display), and to circumvent the `unfiltered_html` cap check. In other
words, we'll have to add the filter everywhere kses is added. Sorry for
not realising that earlier.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43187#comment:16>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list