Context Navigation

kses.php

Timestamp:

09/04/2019 05:51:33 PM (4 years ago)

Author:

desrosj

Message:

Fix for URL sanitization that can lead to cross-site scripting (XSS) attacks.

Props irsdl, sstoqnov, whyisjake.

File:

-                      r45607
+                      r45997
             'feed:javascript:alert(1)',
             'feed:javascript:feed:javascript:feed:javascript:alert(1)',
+            'javascript&#58alert(1)',
+            'javascript&#x3ax=1;alert(1)',
         );
         foreach ( $bad as $k => $x ) {
 …
                         $this->assertEquals( 'feed:alert(1)', $result );
                         break;
+                    case 26:
+                        $this->assertEquals( 'javascript&amp;#58alert(1)', $result );
+                        break;
+                    case 27:
+                        $this->assertEquals( 'javascript&amp;#x3ax=1;alert(1)', $result );
+                        break;
                     default:
                         $this->fail( "wp_kses_bad_protocol failed on $x. Result: $result" );
+                        $this->fail( "wp_kses_bad_protocol failed on $k, $x. Result: $result" );
+                }
+            }

Note: See TracChangeset for help on using the changeset viewer.