[wp-trac] [WordPress Trac] #61570: Change 3rd party domain mysite.com from example in editor.js in WP 6.6
WordPress Trac
noreply at wordpress.org
Thu Jul 4 05:37:51 UTC 2024
#61570: Change 3rd party domain mysite.com from example in editor.js in WP 6.6
---------------------------+-----------------------------
Reporter: TeemuSuoranta | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: trunk
Severity: normal | Keywords:
Focuses: ui-copy |
---------------------------+-----------------------------
WP 6.6 includes the following string in wp-includes/js/dist/editor.js:10076
{{{
Child pages inherit characteristics from their parent, such as URL
structure. For instance, if 'Web Design' is a child of 'Services,' its URL
would be mysite.com/services/web-design.
}}}
Using mysite.com as an example is problematic because that's a 3rd party
domain not owned by WordPress. Although we are not displaying a clickable
link to it, there's a risk that some of the users will go and visit that
URL, and that can cause some confusion, but it also opens up possibilities
for bad actors at the 3rd party to create scams on that website.
Even if mysite.com could be trusted, the already submitted translations by
various locales contain many variations of "mysite", which increases the
risk that some bad actors will reserve those domains and create harmful
websites.
I propose a few alternatives:
1. Let's not use any domain there and just say /services/web-design
2. Let's use wordpress.org as an example because we can trust that
3. Let's use example.com if some other external domain is needed
Related discussion on #polyglots
https://wordpress.slack.com/archives/C02RP50LK/p1720016320393729
--
Ticket URL: <https://core.trac.wordpress.org/ticket/61570>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
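
One way to catch this class of string before release, as an added example that is not part of the ticket or of WordPress core: a JavaScript check that flags domain-like tokens in UI copy and its translations unless they are reserved for documentation (RFC 2606 / RFC 6761) or project-owned. The function names, the allowlist and every sample string other than the en_US one are assumptions constructed for illustration.

```javascript
// Added example (not WordPress code): audit UI copy for third-party domains.
// Reserved names come from RFC 2606 / RFC 6761.
const RESERVED_TLDS = new Set(["example", "test", "invalid", "localhost"]);
const RESERVED_DOMAINS = ["example.com", "example.net", "example.org"];
// Assumption: wordpress.org counts as project-owned, per option 2 in the ticket.
const PROJECT_DOMAINS = ["wordpress.org"];

// Host-like token: one or more labels followed by an alphabetic final label.
// Assumption: input is human-readable copy, so file names are not expected.
const HOST_RE = /(?:[\p{L}\p{N}-]+\.)+\p{L}{2,}/gu;

function isAllowedHost(host) {
  const h = host.toLowerCase();
  if (RESERVED_TLDS.has(h.slice(h.lastIndexOf(".") + 1))) return true;
  // Exact match or true subdomain only, so "notexample.com" is still flagged.
  return [...RESERVED_DOMAINS, ...PROJECT_DOMAINS].some(
    (d) => h === d || h.endsWith("." + d)
  );
}

// Returns the distinct, lower-cased hosts in `text` that are not allowed.
function findThirdPartyHosts(text) {
  const hits = new Set();
  for (const m of text.matchAll(HOST_RE)) {
    if (!isAllowedHost(m[0])) hits.add(m[0].toLowerCase());
  }
  return [...hits];
}

// catalog maps locale -> string; the report keeps only locales with findings.
function auditCatalog(catalog) {
  const report = {};
  for (const [locale, text] of Object.entries(catalog)) {
    const hosts = findThirdPartyHosts(text);
    if (hosts.length > 0) report[locale] = hosts;
  }
  return report;
}

// en_US is the string quoted in the ticket; the other entries are constructed.
const SAMPLE_CATALOG = {
  en_US: "For instance, if 'Web Design' is a child of 'Services,' its URL would be mysite.com/services/web-design.",
  xx_XX: "(constructed translation) URL: MySite-Translated.com/services/web-design.",
  path_only: "its URL would be /services/web-design.",
  reserved: "its URL would be example.com/services/web-design.",
  project: "its URL would be make.wordpress.org/services/web-design.",
};
console.log(auditCatalog(SAMPLE_CATALOG));
```

Run against every locale's catalog rather than only the source string, since the translated variants are where new unowned domains appear.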