[wp-trac] [WordPress Trac] #43187: Add pre-save filter to make target="_blank" always secure
WordPress Trac
noreply at wordpress.org
Mon Feb 5 10:26:19 UTC 2018
#43187: Add pre-save filter to make target="_blank" always secure
-------------------------+-----------------------
Reporter: notnownikki | Owner:
Type: enhancement | Status: reopened
Priority: normal | Milestone: 5.0
Component: General | Version:
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
-------------------------+-----------------------
Comment (by notnownikki):
Looks like we should be adding where any of `wp_filter_kses`,
`wp_kses_post`, or `wp_kses_data` are applied, as they'll let through `a`
tags. The last two blocks headed `Save URL` and `Display URL` will filter
out tags anyway, but we should apply to the rest. I'll get on it.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43187#comment:31>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list