[wp-trac] [WordPress Trac] #43187: Add content filter to make target="_blank" always secure

WordPress Trac noreply at wordpress.org
Thu Feb 1 15:28:49 UTC 2018


#43187: Add content filter to make target="_blank" always secure
-------------------------+-----------------------------
 Reporter:  notnownikki  |       Owner:
     Type:  enhancement  |      Status:  reopened
 Priority:  normal       |   Milestone:  Future Release
Component:  General      |     Version:
 Severity:  normal       |  Resolution:
 Keywords:  has-patch    |     Focuses:
-------------------------+-----------------------------

Comment (by notnownikki):

 Added a new diff, reworked it into a pre-save filter, rather than a
 content filter.

 As part of `kses_init` it adds a call to `kses_init_phishing_filters`
 which are always added even if the user can supply unfiltered html.

 The filter has been modified to deal with slashes, but they're optional so
 this can be used on escaped or unescaped content. Unit tests were added
 for this.

 I've tested by including links with targets and without targets in titles,
 posts, and comments.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/43187#comment:22>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
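
An illustration of the slash-tolerant matching described in the comment above, added here as an example and not the code from the ticket's patch. It assumes the hardening is adding `rel="noopener noreferrer"` to links that carry a `target`; the `example_*` function names are hypothetical.

```php
<?php
// Added example, not the ticket's patch. All function names are hypothetical.
// Assumption: the hardening is adding rel="noopener noreferrer" to targeted links.

function example_secure_targeted_links( $text ) {
    // Opening <a ...> tags only; "<a\s" keeps <abbr>, <article>, etc. out.
    return preg_replace_callback( '/<a\s([^>]*)>/i', 'example_secure_link_cb', $text );
}

function example_secure_link_cb( $m ) {
    $attrs = $m[1];
    // Only links that carry a real target attribute (not data-target).
    if ( ! preg_match( '/(?<![\w-])target\s*=/i', $attrs ) ) {
        return $m[0];
    }
    $required = array( 'noopener', 'noreferrer' );
    // Group 1 is an optional backslash before the quote, so both rel="x"
    // and rel=\"x\" match; \1\2 requires the same closing delimiter.
    $rel_re = '/(?<![\w-])rel\s*=\s*(\\\\?)(["\'])(.*?)\1\2/i';
    if ( preg_match( $rel_re, $attrs, $rel ) ) {
        // Keep the author's tokens (e.g. nofollow) and add the missing ones.
        $tokens = preg_split( '/\s+/', strtolower( $rel[3] ), -1, PREG_SPLIT_NO_EMPTY );
        $tokens = array_unique( array_merge( $tokens, $required ) );
        $quote  = $rel[1] . $rel[2];
        $attrs  = str_replace( $rel[0], 'rel=' . $quote . implode( ' ', $tokens ) . $quote, $attrs );
    } else {
        // No rel yet: quote the new attribute the way the tag's other attributes are quoted.
        $slashed = false !== strpos( $attrs, '\\"' ) || false !== strpos( $attrs, "\\'" );
        $quote   = $slashed ? '\\"' : '"';
        $attrs   = rtrim( $attrs ) . ' rel=' . $quote . implode( ' ', $required ) . $quote;
    }
    return '<a ' . $attrs . '>';
}

// Constructed sample input: one targeted link, one with an existing rel, one without target.
$sample = '<a href="https://example.com" target="_blank">a</a> '
        . '<a href="/x" rel="nofollow" target="_blank">b</a> '
        . '<a href="/y">c</a>';

echo example_secure_targeted_links( $sample ), "\n";               // unslashed content
echo example_secure_targeted_links( addslashes( $sample ) ), "\n"; // slashed content
```

Unquoted attribute values and a literal `>` inside an attribute value are outside what these patterns handle.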

