Opened 20 years ago
Closed 18 years ago
#1251 closed defect (bug) (fixed)
XSS and HTML injection
| Reported by: | anonymousbugger | Owned by: | matt |
|---|---|---|---|
| Milestone: | 2.1 | Priority: | normal |
| Severity: | major | Version: | 2.0.1 |
| Component: | Security | Keywords: | 2nd-opinion dev-feedback |
| Focuses: | | Cc: | |
Description
Change History (9)
#2
@
20 years ago
- Owner changed from anonymous to matt
- Resolution changed from 10 to 70
- Status changed from new to closed
#4
@
20 years ago
Mailing list threads discussing this:
http://comox.textdrive.com/pipermail/wp-hackers/2005-April/000530.html
http://comox.textdrive.com/pipermail/wp-hackers/2005-April/000517.html
Forum post:
#6
@
19 years ago
- Keywords bg|2nd-opinion bg|dev-feedback added
- Version set to 2.0.1
Are we going to address this? Maybe we should be filtering the title through KSES except for people with unfiltered_html capability.
#7
@
19 years ago
Is kses really the best solution? I've been using SafeHTML with WordPress since my first wp 2.0 installation. I suggest SafeHTML be given consideration as a replacement for kses - http://pixel-apes.com/safehtml/
If it's no issue then please take care of http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1102 and http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=304468