[wp-trac] [WordPress Trac] #59682: Bug fix for rel attributes in social-link.php
WordPress Trac
noreply at wordpress.org
Thu Oct 19 13:38:57 UTC 2023
#59682: Bug fix for rel attributes in social-link.php
--------------------------+-----------------------------
Reporter: niallhotfoot | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 6.3.2
Severity: normal | Keywords: needs-patch
Focuses: |
--------------------------+-----------------------------
A security audit has picked up that social links linking to external tabs
were at risk of tab nabbing.
Upon further investigation, I found that the rel attributes needed, should
have been being added.
If you look in wp-includes/blocks/social-link.php on line 65, you need to
wrap the attribute in a trim() so that if there are no additional rel
attributes set, it won't start with a space as this won't work!
So the line should be:
{{{#!php
<?php
// trim() removes the leading space when $rel is empty.
$processor->set_attribute( 'rel', trim( esc_attr( $rel ) . ' noopener nofollow' ) );
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/59682>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
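
An added example, not code from the ticket or from WordPress core: one way to build the rel value so that an empty or untidy user-supplied rel never yields leading whitespace or duplicate tokens. The helper name build_rel_value and the sample inputs are assumptions made for illustration, and it goes beyond the trim() in the ticket by also deduplicating tokens; escaping is left to the caller.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not a WordPress core function): merge the rel tokens a
 * user set on a link with the tokens every external link must carry.
 */
function build_rel_value( string $user_rel, array $required = array( 'noopener', 'nofollow' ) ): string {
	// Split on any run of ASCII whitespace; PREG_SPLIT_NO_EMPTY drops the empty
	// pieces that leading, trailing or doubled spaces would otherwise produce.
	$tokens = preg_split( '/[ \t\n\f\r]+/', $user_rel, -1, PREG_SPLIT_NO_EMPTY );

	// Link types are compared case-insensitively, so normalise before deduplicating.
	$tokens = array_map( 'strtolower', array_merge( $tokens, $required ) );

	// array_unique keeps the first occurrence, preserving the user's order.
	return implode( ' ', array_unique( $tokens ) );
}

// Constructed sample inputs: unset, a single token, messy whitespace, mixed case.
$samples = array( '', 'me', '  me   noopener ', "ME\tNoFollow" );

foreach ( $samples as $rel ) {
	printf( "%-22s => %s\n", var_export( $rel, true ), var_export( build_rel_value( $rel ), true ) );
}
```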