WordPress.org

Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #19414, comment 4


Timestamp: 12/02/11 17:44:52 (4 years ago)
Author: Anatta
  • Ticket #19414, comment 4

    initial v1  
    33Given the prominence and focus of the new admin bar, I can imagine increased instances of developers wishing to add more functionality to it.  Given that the only workaround is currently to globally enable the javascript protocol, any plugin with admin-bar javascript would be advertising a vulnerability. 
    44 
    5 Either a patch to allow more targeted filtering of wp_allowed_protocols(), or amendments to allow targeted exceptions for the admin bar (or dropping the esc_url call for the admin bar) seem justified.  
     5Either a patch to allow more targeted filtering of wp_allowed_protocols(), or amendments to allow targeted exceptions for the admin bar (such as appending allowed protocols to the admin_bar hooks) seem justified.