WordPress.org
Get WordPress

Make WordPress Core

Opened 15 years ago

Closed 15 years ago

Last modified 7 years ago

#10336 closed defect (bug) (fixed)

Inline CSS filter for kses

Reported by: azaozz's profile azaozz Owned by: ryan's profile ryan
Milestone: 2.8.1 Priority: normal
Severity: normal Version:
Component: Security Keywords:
Focuses: Cc:

Description

There are quite a few nasty CSS "tricks" that are currently possible for users without the "unfiltered html" capability. Adding the inline CSS filtering from WPMU with some improvements would close that hole and still allow most basic styles through.

Attachments (1)

kses.patch (2.4 KB) - added by azaozz 15 years ago.

Download all attachments as: .zip

Change History (6)

@azaozz
15 years ago

#1 @ryan
15 years ago

Looks good.

#2 @azaozz
15 years ago

  • Milestone changed from Unassigned to 2.8.1

#3 @azaozz
15 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [11689]) Inline CSS filter for kses, for trunk, fixes #10336

#4 @azaozz
15 years ago

In [11688] for 2.8.1

This ticket was mentioned in Slack in #core-editor by sergey. View the logs.
7 years ago

Note: See TracTickets for help on using tickets.