[wp-trac] [WordPress Trac] #43187: Add content filter to make target="_blank" always secure
WordPress Trac
noreply at wordpress.org
Wed Jan 31 14:35:00 UTC 2018
#43187: Add content filter to make target="_blank" always secure
----------------------------------------+-----------------------------
Reporter: notnownikki | Owner:
Type: enhancement | Status: reopened
Priority: normal | Milestone: Future Release
Component: General | Version:
Severity: normal | Resolution:
Keywords: has-patch needs-unit-tests | Focuses:
----------------------------------------+-----------------------------
Changes (by iseulde):
* keywords: => has-patch needs-unit-tests
Comment:
Some initial thoughts:
* This content filter will need some tests to ensure all scenarios are
covered, e.g. existing rel attribute, or one of the values already there.
* Out of curiosity I was testing whether `target="blank"` works, and
surprisingly it does (at least in Safari). Even using `target="black"` or
anything in it still works. I'm assuming this has the same security
issues, so I would just add the `rel` attribute as soon as there is a
`target` attribute present.
* I don't think we can use `shortcode_parse_atts`. Do you think we can
just use regex here for the `rel` attribute as well?
* Are there any other input fields where the user can add links with a
target attribute? Thinking about title, comments etc.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43187#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
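
The scenarios raised in the comment above (no `rel`, an existing `rel` with other values, one of the values already present, and a non-keyword target such as `target="blank"`) can be exercised with a sketch like the following. It is an added example, not code from the ticket's patch or from WordPress core; the function names are hypothetical, and `noopener noreferrer` is assumed as the `rel` value because it is the standard way to cut off the opened page's `window.opener` reference.

```php
<?php
// Added example, not WordPress core code; function names are hypothetical.

// Rewrite each opening <a> tag. Quoted attribute values may contain ">".
function example_secure_targeted_links( string $html ): string {
    $pattern = '/<a(\s(?:[^>"\']|"[^"]*"|\'[^\']*\')*)>/i';
    return preg_replace_callback( $pattern, 'example_secure_link_tag', $html ) ?? $html;
}

function example_secure_link_tag( array $m ): string {
    // Tokenize attributes so "target=" inside another attribute's value is not counted.
    $attr = '/([^\s=\/"\'>]+)(?:\s*=\s*("[^"]*"|\'[^\']*\'|[^\s"\'>]+))?/';
    preg_match_all( $attr, $m[1], $attrs, PREG_SET_ORDER );

    $has_target = false;
    $rel        = array();
    $kept       = '';
    foreach ( $attrs as $a ) {
        $name = strtolower( $a[1] );
        if ( 'rel' === $name ) {
            // Collect existing values (e.g. nofollow); rel is written back once below.
            $value = strtolower( trim( $a[2] ?? '', "\"'" ) );
            $rel   = array_merge( $rel, preg_split( '/\s+/', $value, -1, PREG_SPLIT_NO_EMPTY ) );
            continue;
        }
        if ( 'target' === $name ) {
            $has_target = true; // any value: "_blank", "blank", ...
        }
        $kept .= ' ' . $a[0];
    }
    if ( ! $has_target ) {
        return $m[0]; // links without a target attribute are left untouched
    }
    $rel = array_unique( array_merge( $rel, array( 'noopener', 'noreferrer' ) ) );
    $rel = htmlspecialchars( implode( ' ', $rel ), ENT_QUOTES, 'UTF-8', false );
    return '<a' . $kept . ' rel="' . $rel . '">';
}

// Constructed sample markup covering the scenarios raised in the comment.
$samples = array(
    '<a href="https://example.com" target="_blank">no rel</a>',
    '<a target="_blank" rel="nofollow" href="https://example.com">other rel value</a>',
    "<a href='https://example.com' target=\"_blank\" rel='noopener'>one value present</a>",
    '<a href="https://example.com" target="blank">non-keyword target</a>',
    '<a href="https://example.com" title="use target=_blank">no target attribute</a>',
);
foreach ( $samples as $html ) {
    echo example_secure_targeted_links( $html ), "\n";
}
```

The last sample is the case a plain `target=` substring search would get wrong: the text appears only inside a `title` value, so the tag is returned unchanged.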