[wp-trac] [WordPress Trac] #47226: "Bad Protocols Validation" Bypass in "wp_kses_bad_protocol_once" using HTML-encoding without trailing semicolons
WordPress Trac
noreply at wordpress.org
Fri May 10 23:10:03 UTC 2019
#47226: "Bad Protocols Validation" Bypass in "wp_kses_bad_protocol_once" using
HTML-encoding without trailing semicolons
-------------------------+------------------------------
Reporter: irsdl | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Editor | Version: 5.2
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
-------------------------+------------------------------
Comment (by irsdl):
H1 link: https://hackerone.com/reports/339483
I had asked for permission to publish it more than 3 weeks ago so I am
sure this should be fine as I got no response:
{{{
Apr 17th 2019:
I would like to share this post publicly and perhaps send a pull request
to the repository as I had provided the fix already. Please let me know if
there is any issues. If I don't hear anything back by next week, I
consider it as a positive sign that I am allowed to share its details
publicly.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47226#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list