mirror of
https://github.com/WordPress/WordPress.git
synced 2024-11-15 07:05:37 +01:00
da95cca74c
Props: danielbachhuber, whyisjake, peterwilson, xknown. Prevent stored XSS through wp_targeted_link_rel(). Props: vortfu, whyisjake, peterwilsoncc, xknown, SergeyBiryukov, flaviozavan. Update `wp_kses_bad_protocol()` to recognize `:` on uri attributes, `wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function. Brings r46895 to the 5.3 branch. Props: xknown, nickdaugherty, peterwilsoncc. Prevent stored XSS in the block editor. Brings r46896 to the 5.3 branch. Prevent escaped unicode characters become unescaped in unsafe HTML during JSON decoding. Props: aduth, epiqueras. Built from https://develop.svn.wordpress.org/branches/5.2@46901 git-svn-id: http://core.svn.wordpress.org/branches/5.2@46701 1a063a9b-81f0-0310-95a4-ce76da25c4cd |
||
---|---|---|
.. | ||
endpoints | ||
fields | ||
search | ||
class-wp-rest-request.php | ||
class-wp-rest-response.php | ||
class-wp-rest-server.php |