[wp-trac] [WordPress Trac] #43187: Add content filter to make target="_blank" always secure
WordPress Trac
noreply at wordpress.org
Thu Feb 1 15:28:49 UTC 2018
#43187: Add content filter to make target="_blank" always secure
-------------------------+-----------------------------
Reporter: notnownikki | Owner:
Type: enhancement | Status: reopened
Priority: normal | Milestone: Future Release
Component: General | Version:
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
-------------------------+-----------------------------
Comment (by notnownikki):
Added a new diff, reworked it into a pre-save filter, rather than a
content filter.
As part of `kses_init` it adds a call to `kses_init_phishing_filters`
which are always added even if the user can supply unfiltered html.
The filter has been modified to deal with slashes, but they're optional so
this can be used on escaped or unescaped content. Unit tests were added
for this.
I've tested by including links with targets and without targets in titles,
posts, and comments.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43187#comment:22>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
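
The pre-save approach described in the comment above, as an added example that is not the patch attached to the ticket. It assumes that "secure" means the link's `rel` carries `noopener` and `noreferrer` (the ticket text here does not spell this out); the function names are hypothetical and the sample markup is constructed.

```php
<?php
// Added illustration; not the patch attached to the ticket.
// Assumption: a "secure" targeted link has rel="noopener noreferrer".

// Hypothetical name. Accepts plain or slash-escaped (\" or \') markup.
function example_targeted_link_rel( string $text ): string {
    // Cheap bail-out when no target attribute can be present.
    if ( stripos( $text, 'target' ) === false ) {
        return $text;
    }
    // Any <a> with a target attribute; data-target and similar are skipped.
    $pattern = '~<a\s([^>]*(?<![\w-])target\s*=[^>]*)>~i';
    return preg_replace_callback( $pattern, 'example_link_rel_callback', $text ) ?? $text;
}

function example_link_rel_callback( array $m ): string {
    $attrs    = $m[1];
    $required = array( 'noopener', 'noreferrer' );
    // The optional backslash before the quote covers slashed (pre-save) input.
    $rel_re = '/(?<![\w-])rel\s*=\s*(\\\\?["\'])(.*?)\1/i';

    if ( preg_match( $rel_re, $attrs, $rel ) ) {
        // Keep existing tokens (rel tokens are case-insensitive), add missing ones.
        $tokens = preg_split( '/\s+/', strtolower( $rel[2] ), -1, PREG_SPLIT_NO_EMPTY );
        $value  = implode( ' ', array_unique( array_merge( $tokens, $required ) ) );
        $attrs  = str_replace( $rel[0], 'rel=' . $rel[1] . $value . $rel[1], $attrs );
    } else {
        // Reuse the quoting style of the target attribute (slashed or not).
        $q      = preg_match( '/target\s*=\s*\\\\/i', $attrs ) ? '\\"' : '"';
        $attrs .= ' rel=' . $q . implode( ' ', $required ) . $q;
    }
    return '<a ' . $attrs . '>';
}

// Constructed sample input: an unescaped link next to an untargeted one,
// and a slash-escaped link that already has a rel value.
$plain   = '<a href="https://example.com" target="_blank">x</a> <a href="/about">y</a>';
$slashed = '<a href=\"https://example.com\" rel=\"nofollow\" target=\"_blank\">x</a>';

echo example_targeted_link_rel( $plain ), "\n";
echo example_targeted_link_rel( $slashed ), "\n";
```

In WordPress such a function would be registered on the pre-save hooks for titles, content and comments; which hooks the patch uses is not shown in this message.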