[wp-trac] [WordPress Trac] #50564: Update jQuery step two
WordPress Trac
noreply at wordpress.org
Fri Nov 27 17:26:36 UTC 2020
#50564: Update jQuery step two
-------------------------------------------+-------------------------
Reporter: azaozz | Owner: azaozz
Type: task (blessed) | Status: reopened
Priority: normal | Milestone: 5.6
Component: External Libraries | Version:
Severity: normal | Resolution:
Keywords: early has-patch needs-testing | Focuses: javascript
-------------------------------------------+-------------------------
Comment (by Clorith):
Replying to [comment:43 azaozz]:
> Reopening this to track the eventual need to add
`jQuery.UNSAFE_restoreLegacyHtmlPrefilter();`. See [#comment:2 comment 2],
[#comment:33 comment 33] and [#comment:35 comment 35].
>
> [...]
>
> In that terms wondering if circumventing the jQuery security fix in
favor of a few plugins would be a good decision.
Ref the legacy HTML prefilter, some discussions in #core on Slack were
also had, and the most likely course would be to not include something
removed by the jQuery team for security for the WordPress release.
WordPress should instead judge the need for it it after the release (since
it's a obscure thing to search for), and consider implementing it in the
jQuery Migrate Helper if the core security team thinks it's an acceptable
approach at that time.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50564#comment:49>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list