Changes between Initial Version and Version 1 of Ticket #58333, comment 90
Timestamp: 05/19/2023 02:21:32 PM (21 months ago)
Ticket #58333, comment 90
}}}
? Shouldn't core re-enable shortcodes in templates this way. Otherwise, with the same logic, we should also remove blocks from block templates as they are vulnerable. Having nothing to draw eliminates vulnerabilities.

EDIT: I actually read the replies this time. Presumably

{{{
<!-- wp:heading -->
This
<!-- /wp:heading -->
}}}

is prevented from injection in user content but

{{{
[someshortcode]
}}}
isn't, and the solution is to do parsing for both before user content. Database content is fine if it's wp_template or wp_template_part but not anything else.