Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #58333, comment 90


Timestamp:
05/19/2023 02:21:32 PM (13 months ago)
Author:
agendah
  • Ticket #58333, comment 90

    initial v1  
    88}}}
    99? Shouldn't core re-enable shortcodes in templates this way. Otherwise, with same logic, we should also remove blocks from block templates as they are vulnerable. Having nothing to draw eliminates vulnerabilities.
     10
     11EDIT: I actually read the replies this time. Presumably
     12
     13{{{
     14<!-- wp:heading -->
     15This
     16<!-- /wp:heading -->
     17}}}
     18
     19is prevented injection in user content but
     20
     21
     22{{{
     23[someshortcode]
     24}}}
     25isn't and solution is to do parsing for both before user content. Database content is fine if it's wp_template or wp_template_part but not anything else.