Changeset 46900 for branches/5.3/src/wp-includes/default-filters.php

Timestamp:

12/12/2019 06:10:56 PM (5 years ago)

Author:

whyisjake

Message:

Prevent stored XSS in the block editor.

Brings r46896 to the 5.3 branch.

Prevent escaped unicode characters become unescaped in unsafe HTML during JSON decoding.

File:

• branches/5.3/src/wp-includes/default-filters.php (modified) (1 diff)

branches/5.3/src/wp-includes/default-filters.php

@@ -244 +244 @@
 add_filter( 'teeny_mce_before_init', '_mce_set_direction' );
 add_filter( 'pre_kses', 'wp_pre_kses_less_than' );
+add_filter( 'pre_kses', 'wp_pre_kses_block_attributes', 10, 3 );
 add_filter( 'sanitize_title', 'sanitize_title_with_dashes', 10, 3 );
 add_action( 'check_comment_flood', 'check_comment_flood_db', 10, 4 );