Make WordPress Core


Timestamp:
02/08/2011 08:17:09 PM (13 years ago)
Author:
nacin
Message:

Use wp_kses_post instead of wp_kses_data for a better balance between security and flexibility. fixes #16489 for trunk.

File:
1 edited

  • trunk/wp-includes/default-filters.php

    r17404 r17422  
    3737// Kses only for textarea admin displays
    3838if ( is_admin() ) {
    39     foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description', 'comment_text' ) as $filter ) {
     39    foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description' ) as $filter ) {
    4040        add_filter( $filter, 'wp_kses_data' );
    4141    }
     42    add_filter( 'comment_text', 'wp_kses_post' );
    4243}
    4344
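Review bot: the new `add_filter( 'comment_text', 'wp_kses_post' );` at r17422 line 42 carries no comment explaining why `comment_text` is handled differently from the four fields left in the loop, and the existing comment at line 37 ("Kses only for textarea admin displays") now covers two different filtering policies. Suggest a one-line comment above the new call saying that comment text is filtered with the post allowlist on admin screens, and why. `wp_kses_post` permits a wider set of tags and attributes than `wp_kses_data`, and comment text can originate from untrusted visitors, so it is worth confirming on the ticket that everything in the post allowlist is acceptable to render in admin views. The filter is still registered only inside the `is_admin()` block, so this hunk does not change how `comment_text` is filtered outside the admin.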