[wp-hackers] Why kses filtered html strips class?
chris.hearn01 at ntlworld.com
Fri Aug 3 19:41:40 GMT 2007
Thanks for the explanation - I guess I will either use HTML Purifier,
or simply give unfiltered HTML access to my editors - who I trust - I want to
fix this some way, and these 2 options seem the best.
> On 8/2/07, Chris <chris.hearn01 at ntlworld.com> wrote:
>> Still don't understand why WP whacks it tho!
> Because class is a security risk. So is style and such. With access to
> classes and/or styles, it's possible to absolutely position some text
> or other code elsewhere on the page. Perhaps overwriting a login form
> or something else, and thus allowing one of your editors to trick
> somebody into giving up information. There are other ways to do bad
> things with class too; the point is that if they have unfettered
> access to class adjustment then they can potentially change your site
> in insecure ways.
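The reasoning in the quoted reply, as an added example that is not part of the original thread and is not WordPress's kses code: a simplified allowlist filter that drops `style` outright and keeps `class` only for tokens the site owner has vetted. The tag set, the class names and the sample markup are assumptions made for the illustration.

```python
# Added illustration: a simplified attribute-allowlist filter in the spirit of
# kses. Not WordPress's code; the tag and class names below are assumptions.
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"p", "em", "strong", "span", "div"}       # assumed editor tag set
ALLOWED_CLASSES = {"alignleft", "alignright", "caption"}  # assumed vetted classes


class AllowlistFilter(HTMLParser):
    """Re-serialize HTML, keeping only allowlisted tags and class tokens."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # drop the tag itself; its text is still emitted, escaped
        # 'style', 'id', event handlers and everything else are dropped.
        # 'class' survives only for tokens that are on the vetted list.
        tokens = [t for name, value in attrs if name == "class" and value
                  for t in value.split() if t in ALLOWED_CLASSES]
        cls = ' class="%s"' % escape(" ".join(tokens)) if tokens else ""
        self.out.append("<%s%s>" % (tag, cls))

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))


def filter_html(markup):
    parser = AllowlistFilter()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)


# Constructed sample: markup that reuses a layout class and inline positioning
# so the block would be drawn over another part of the page.
SAMPLE = ('<div class="caption overlay-top" style="position:absolute;top:0">'
          'Please <em onclick="x()">log in</em> again</div>')

if __name__ == "__main__":
    print(filter_html(SAMPLE))
```

A per-token allowlist is a middle ground between the two options mentioned in the reply at the top: editors can still use the classes a theme intends for content, but cannot pick arbitrary ones or supply their own positioning.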