[wp-trac] [WordPress Trac] #58336: Potential XSS on admin_body_class hook
WordPress Trac
noreply at wordpress.org
Fri May 19 21:15:50 UTC 2023
#58336: Potential XSS on admin_body_class hook
----------------------------------------+---------------------
Reporter: rafiem | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 6.3
Component: Security | Version:
Severity: normal | Resolution:
Keywords: needs-unit-tests has-patch | Focuses:
----------------------------------------+---------------------
Comment (by westonruter):
See also #20009 in which the same fix was done for `body_class()` via
[48060]. Note that this can break plugins that hack the filter to inject
attributes on the `body` element. (IMO, such plugins should be broken 😬)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/58336#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list