[wp-trac] [WordPress Trac] #58765: the_block_template_skip_link() - XSS vulnerability - Apply FIX
WordPress Trac
noreply at wordpress.org
Mon Feb 17 16:24:09 UTC 2025
#58765: the_block_template_skip_link() - XSS vulnerability - Apply FIX
-------------------------------------+--------------------------
 Reporter:  micromadness             |       Owner:  johnbillion
     Type:  enhancement              |      Status:  closed
 Priority:  normal                   |   Milestone:  6.8
Component:  Security                 |     Version:  5.8
 Severity:  normal                   |  Resolution:  fixed
 Keywords:  has-patch needs-testing  |     Focuses:
-------------------------------------+--------------------------
Changes (by johnbillion):
* owner: (none) => johnbillion
* status: new => closed
* resolution: => fixed
Comment:
In [changeset:"59831" 59831]:
{{{
#!CommitTicketReference repository="" revision="59831"
Security: Remove use of `innerHTML` in the
`the_block_template_skip_link()` function.

There is no need to support HTML in this string and switching to
`innerText` helps facilitate a more restrictive Content Security Policy.

Props micromadness, sabernhardt

Fixes #58765
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/58765#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform