[wp-trac] [WordPress Trac] #60651: Block Bindings: Don't show protected fields that are bound to blocks and post meta
WordPress Trac
noreply at wordpress.org
Wed Feb 28 10:44:53 UTC 2024
#60651: Block Bindings: Don't show protected fields that are bound to blocks and
post meta
-----------------------------+-----------------------------
 Reporter:  santosguillamot  |       Owner:  (none)
     Type:  defect (bug)     |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Security         |     Version:
 Severity:  normal           |    Keywords:  has-patch
  Focuses:                   |
-----------------------------+-----------------------------
After more testing in the block bindings API, it might make sense to add
some limitations for the blocks connected to post meta before it is
included in 6.5. This means that fields that are protected or are not
shown in the REST API shouldn't be shown in this initial version even if
they are bound to blocks. This way, it ensures no unwanted data is leaked.
It can be explored in a later phase how to loosen these restrictions.
Related changes proposed are also in the Gutenberg plugin:
https://github.com/WordPress/gutenberg/pull/59326
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60651>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
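
The restriction described in the ticket, sketched as an added example (this is not the patch attached to the ticket and not WordPress core code). The helper name example_bindable_post_meta_value and the meta keys are hypothetical, and the code assumes it is loaded inside a WordPress runtime, for instance as a plugin:

```php
<?php
/**
 * Return a post meta value for display in a bound block only when the
 * key is neither protected nor hidden from the REST API.
 * Hypothetical helper for illustration; returns null when blocked.
 */
function example_bindable_post_meta_value( int $post_id, string $meta_key ) {
	$post_type = get_post_type( $post_id );
	if ( false === $post_type ) {
		return null; // Unknown post: nothing to bind.
	}

	// Rule 1: protected keys (leading underscore by default, adjustable
	// through the 'is_protected_meta' filter) are never rendered.
	if ( is_protected_meta( $meta_key, 'post' ) ) {
		return null;
	}

	// Rule 2: the key must be registered with show_in_rest enabled, either
	// for all post types or for this post type. Unregistered keys have no
	// show_in_rest entry and are rejected as well.
	$registered = array_merge(
		get_registered_meta_keys( 'post' ),
		get_registered_meta_keys( 'post', $post_type )
	);
	if ( empty( $registered[ $meta_key ]['show_in_rest'] ) ) {
		return null;
	}

	return get_post_meta( $post_id, $meta_key, true );
}

// Constructed sample registrations (hypothetical keys).
add_action( 'init', function () {
	// Allowed: public key, exposed in REST.
	register_post_meta( 'post', 'example_public_note', array(
		'show_in_rest' => true, 'single' => true, 'type' => 'string',
	) );
	// Blocked by rule 2: registered, but show_in_rest is left at false.
	register_post_meta( 'post', 'example_internal_note', array(
		'single' => true, 'type' => 'string',
	) );
	// A key such as '_example_secret' is blocked by rule 1 regardless of
	// how it is registered, because of the leading underscore.
} );
```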