[wp-trac] [WordPress Trac] #28699: \0 (backslash+zero) gets stripped from post content for users without "unfiltered_html"
WordPress Trac
noreply at wordpress.org
Tue Jul 1 18:10:03 UTC 2014
#28699: \0 (backslash+zero) gets stripped from post content for users without
"unfiltered_html"
------------------------------------------+------------------
Reporter: azaozz | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.0
Component: Formatting | Version: 1.0
Severity: normal | Resolution:
Keywords: needs-patch needs-unit-tests | Focuses:
------------------------------------------+------------------
Comment (by miqrogroove):
Looks like {{{\0}}} is special (octal) in JS in at least two contexts.
{{{\0}}} is also special (hex) in CSS content attributes.
These might also prefix any non-zero integer.
Any security implications there?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/28699#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list