Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #19414, comment 4


Timestamp:
12/02/2011 05:44:52 PM (13 years ago)
Author:
Anatta
  • Ticket #19414, comment 4

    initial v1  
    33Given the prominence and focus of the new admin bar, I can imagine increased instances of developers wishing to add more functionality to it.  Given that the only workaround is currently to globally enable the javascript protocol, any plugin with admin-bar javascript would be advertising a vulnerability.
    44
    5 Either a patch to allow more targeted filtering of wp_allowed_protocols(), or amendments to allow targeted exceptions for the admin bar (or dropping the esc_url call for the admin bar) seem justified.
     5Either a patch to allow more targeted filtering of wp_allowed_protocols(), or amendments to allow targeted exceptions for the admin bar (such as appending allowed protocols to the admin_bar hooks) seem justified.
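
Review bot: the revised line 5 suggests "appending allowed protocols to the admin_bar hooks" but does not say which hooks are meant or how the added protocols would be confined to admin bar links, so it is unclear how this differs from the global javascript workaround that line 3 describes as advertising a vulnerability. Naming the hook and stating that the exception applies only where the admin bar calls esc_url would make the proposal concrete. Dropping the earlier "dropping the esc_url call for the admin bar" option is the safer wording, since that option would leave admin bar URLs without any protocol filtering.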