Changes between Initial Version and Version 1 of Ticket #19414, comment 4
- Timestamp: 12/02/2011 05:44:52 PM (13 years ago)
Ticket #19414, comment 4
| initial | v1 | Text |
|---|---|---|
| 3 | 3 | Given the prominence and focus of the new admin bar, I can imagine increased instances of developers wishing to add more functionality to it. Given that the only workaround is currently to globally enable the javascript protocol, any plugin with admin-bar javascript would be advertising a vulnerability. |
| 4 | 4 | |
| 5 | | Either a patch to allow more targeted filtering of wp_allowed_protocols(), or amendments to allow targeted exceptions for the admin bar ( or dropping the esc_url call for the admin bar) seem justified. |
| | 5 | Either a patch to allow more targeted filtering of wp_allowed_protocols(), or amendments to allow targeted exceptions for the admin bar (such as appending allowed protocols to the admin_bar hooks) seem justified. |