[wp-trac] [WordPress Trac] #62619: Remove `wp_kses_post()` filtering from admin notices
WordPress Trac
noreply at wordpress.org
Wed Dec 18 23:16:45 UTC 2024
#62619: Remove `wp_kses_post()` filtering from admin notices
----------------------------+---------------------
Reporter: azaozz | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 6.8
Component: Administration | Version: 6.4
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
----------------------------+---------------------
Comment (by peterwilsoncc):
As the kses call was included when the function was introduced in [56408],
I'm concerned that it's too late to remove it as third party developers
may have assumed that it was safe to pass user input to the function as it
escapes the output.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62619#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list