[wp-trac] [WordPress Trac] #43187: Add pre-save filter to make target="_blank" always secure

WordPress Trac noreply at wordpress.org
Mon Feb 5 10:26:19 UTC 2018


#43187: Add pre-save filter to make target="_blank" always secure
-------------------------+-----------------------
 Reporter:  notnownikki  |       Owner:
     Type:  enhancement  |      Status:  reopened
 Priority:  normal       |   Milestone:  5.0
Component:  General      |     Version:
 Severity:  normal       |  Resolution:
 Keywords:  has-patch    |     Focuses:
-------------------------+-----------------------

Comment (by notnownikki):

 Looks like we should be adding where any of `wp_filter_kses`,
 `wp_kses_post`, or `wp_kses_data` are applied, as they'll let through `a`
 tags. The last two blocks headed `Save URL` and `Display URL` will filter
 out tags anyway, but we should apply to the rest. I'll get on it.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/43187#comment:31>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list