Opened 8 years ago
Closed 7 years ago
#1251 closed defect (bug) (fixed)
XSS and HTML injection
| Reported by: | | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | 2.1 |
| Component: | Security | Version: | 2.0.1 |
| Severity: | major | Keywords: | 2nd-opinion dev-feedback |
| Cc: | | | |
Description
Change History (9)
comment:1
anonymousbugger — 8 years ago
- Patch set to No
- Owner changed from anonymous to matt
- Resolution changed from 10 to 70
- Status changed from new to closed
comment:3
anonymousbugger — 8 years ago
- Resolution changed from 70 to 30
- Status changed from closed to assigned
Mailing list threads discussing this:
http://comox.textdrive.com/pipermail/wp-hackers/2005-April/000530.html
http://comox.textdrive.com/pipermail/wp-hackers/2005-April/000517.html
Forum post:
comment:6
markjaquith — 7 years ago
- Keywords bg|2nd-opinion bg|dev-feedback added
- Version set to 2.0.1
Are we going to address this? Maybe we should be filtering the title through KSES except for people with unfiltered_html capability.
Is kses really the best solution? I've been using SafeHTML with WordPress since my first wp 2.0 installation. I suggest SafeHTML be given consideration as a replacement for kses - http://pixel-apes.com/safehtml/
- Keywords 2nd-opinion dev-feedback added; bg|2nd-opinion bg|dev-feedback removed
- Milestone set to 2.1
comment:9
markjaquith — 7 years ago
- Resolution set to fixed
- Status changed from assigned to closed
#2896 (and maybe others)

If it's no issue then please take care of http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1102 and http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=304468