mirror of
https://github.com/WordPress/WordPress.git
synced 2024-11-15 07:05:37 +01:00
b12e78ee0b
Props: danielbachhuber, whyisjake, peterwilson, xknown. Brings r46893 to the 4.8 branch. Update `wp_kses_bad_protocol()` to recognize `:` on uri attributes, `wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function. Brings r46895 to the 4.8 branch. Props: xknown, nickdaugherty, peterwilsoncc. Built from https://develop.svn.wordpress.org/branches/4.8@46917 git-svn-id: http://core.svn.wordpress.org/branches/4.8@46717 1a063a9b-81f0-0310-95a4-ce76da25c4cd |
||
---|---|---|
.. | ||
class-wp-rest-attachments-controller.php | ||
class-wp-rest-comments-controller.php | ||
class-wp-rest-controller.php | ||
class-wp-rest-post-statuses-controller.php | ||
class-wp-rest-post-types-controller.php | ||
class-wp-rest-posts-controller.php | ||
class-wp-rest-revisions-controller.php | ||
class-wp-rest-settings-controller.php | ||
class-wp-rest-taxonomies-controller.php | ||
class-wp-rest-terms-controller.php | ||
class-wp-rest-users-controller.php |