[wp-trac] [WordPress Trac] #14758: Do not run kses on display filters for front page views

WordPress Trac wp-trac at lists.automattic.com
Thu Sep 2 21:48:28 UTC 2010


#14758: Do not run kses on display filters for front page views
-------------------------+--------------------------------------------------
 Reporter:  ryan         |       Owner:     
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  3.1
Component:  Performance  |     Version:     
 Severity:  normal       |    Keywords:     
-------------------------+--------------------------------------------------

Comment(by Denis-de-Bernardy):

 Isn't this contrary to security best practices? I mean, the database is
 obviously not supposed to contain insecure data. But it remains an
 untrusted source: if an SQL-injection-prone plugin allows anything
 malicious into it, this ticket ensures we're removing our last line of
 defense against XSS vulnerabilities and so forth.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/14758#comment:4>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

