Changeset 51423 for trunk/src/wp-includes/class-wp-customize-widgets.php
- Timestamp:
- 07/13/2021 06:01:58 PM (3 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/class-wp-customize-widgets.php
r51414 r51423 1421 1421 if ( ! empty( $widget_object->widget_options['show_instance_in_rest'] ) ) { 1422 1422 if ( 'block' === $id_base && ! current_user_can( 'unfiltered_html' ) ) { 1423 // The content of the 'block' widget is not filtered on the 1424 // fly while editing. Filter the content here to prevent 1425 // vulnerabilities. 1423 /* 1424 * The content of the 'block' widget is not filtered on the 1425 * fly while editing. Filter the content here to prevent 1426 * vulnerabilities. 1427 */ 1426 1428 $value['raw_instance']['content'] = wp_kses_post( $value['raw_instance']['content'] ); 1427 1429 }
Note: See TracChangeset
for help on using the changeset viewer.