Make WordPress Core


Ignore:
Timestamp:
12/12/2019 06:00:45 PM (5 years ago)
Author:
whyisjake
Message:

Prevent stored XSS in the block editor.

Prevent escaped unicode characters become unescaped in unsafe HTML during JSON decoding.

Props: aduth, epiqueras,

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/default-filters.php

    r46432 r46896  
    244244add_filter( 'teeny_mce_before_init', '_mce_set_direction' );
    245245add_filter( 'pre_kses', 'wp_pre_kses_less_than' );
     246add_filter( 'pre_kses', 'wp_pre_kses_block_attributes', 10, 3 );
    246247add_filter( 'sanitize_title', 'sanitize_title_with_dashes', 10, 3 );
    247248add_action( 'check_comment_flood', 'check_comment_flood_db', 10, 4 );
Note: See TracChangeset for help on using the changeset viewer.