[wp-trac] [WordPress Trac] #56701: Sanitize HTML Classes added to single row columns in WP_List_Table
WordPress Trac
noreply at wordpress.org
Wed Nov 9 04:05:55 UTC 2022
#56701: Sanitize HTML Classes added to single row columns in WP_List_Table
-------------------------------------------------+-------------------------
Reporter: bananastalktome | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 6.1.1
Component: General | Version:
Severity: normal | Resolution:
Keywords: has-patch needs-testing 2nd-opinion | Focuses:
close | administration
-------------------------------------------------+-------------------------
Changes (by peterwilsoncc):
* keywords: has-patch needs-testing 2nd-opinion => has-patch needs-testing
2nd-opinion close
Comment:
I'm inclined to close this without a fix for similar reasons to #56655.
If a plugin wishes to allow a user to add arbitory classes using the
filter, the plugin is responsible for filtering.
As Ozz mentions, once something takes PHP to exploit (for want of a better
word) it's not really a concern as there are many other developer APIs
available they can do far nastier things with.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56701#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list