Make WordPress Core

Opened 20 years ago

Closed 18 years ago

#1251 closed defect (bug) (fixed)

XSS and HTML injection

Reported by: anonymousbugger's profile anonymousbugger Owned by: matt's profile matt
Milestone: 2.1 Priority: normal
Severity: major Version: 2.0.1
Component: Security Keywords: 2nd-opinion dev-feedback
Focuses: Cc:

Change History (9)

#1 @anonymousbugger
20 years ago

  • Patch set to No

#2 @matt
20 years ago

  • Owner changed from anonymous to matt
  • Resolution changed from 10 to 70
  • Status changed from new to closed

#3 @anonymousbugger
20 years ago

  • Resolution changed from 70 to 30
  • Status changed from closed to assigned

#5 @ryan
20 years ago

Debian maintainer contacted.

#6 @markjaquith
19 years ago

  • Keywords bg|2nd-opinion bg|dev-feedback added
  • Version set to 2.0.1

Are we going to address this? Maybe we should be filtering the title through KSES except for people with unfiltered_html capability.

#7 @deko
19 years ago

Is kses really the best solution? I've been using SafeHTML with WorpPress since my first wp 2.0 installation. I suggest SafeHTML be given consideration as a replacement for kses - http://pixel-apes.com/safehtml/

#8 @Nazgul
18 years ago

  • Keywords 2nd-opinion dev-feedback added; bg|2nd-opinion bg|dev-feedback removed
  • Milestone set to 2.1

#9 @markjaquith
18 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

#2896 (and maybe others)

Note: See TracTickets for help on using tickets.