Opened 5 years ago
Closed 5 years ago
#4788 closed defect (bug) (fixed)
Various unescaped inputs/outputs
Reported by: | jonoaldersonwp | Owned by: | |
---|---|---|---|
Milestone: | | Priority: | normal |
Component: | General | Keywords: | |
Cc: | | | |
Description
It looks like we have a bunch of areas where HTML inputs aren't escaped, resulting in potential XSS and display issues.
Comments on Make posts
http://make.wordpress.org/core/2014/09/09/twenty-fifteen/
Review/forum/support content
https://wordpress.org/support/topic/bien-quelques-remarques-mineures/
Change History (3)
This ticket was mentioned in Slack in #meta by jonoaldersonwp.
5 years ago
#3
@
5 years ago
- Keywords seo security removed
- Resolution set to fixed
- Status changed from new to closed
Both formatting errors have been corrected.
Please keep https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/ in mind, it obviously also applies to WordPress.org.
The support forums have a known issue with list items being able to "break" the layout. We allow lists, but don't always properly check for UL or OL surrounding them, basically. It's a relatively minor flaw that the forum moderators know how to fix when they find it.
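
The list-item issue described in the comment above, as an added example (not WordPress.org code): a post-filter that wraps `<li>` items lacking a `<ul>`/`<ol>` parent, drops stray list closers that would otherwise close the surrounding page's markup, and re-escapes text. It assumes the markup has already passed the forum's allowed-tag filtering; `OrphanListFixer` and `fix_orphan_list_items` are hypothetical names.

```python
import html
from html.parser import HTMLParser

class OrphanListFixer(HTMLParser):  # wraps <li> that lack a <ul>/<ol> parent
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.stack, self.synthetic, self.in_li = [], [], False, False

    def _end_ul(self, force=False):          # close the <ul> added here
        if self.synthetic and (force or not (self.stack or self.in_li)):
            self.out.append("</li></ul>" if self.in_li else "</ul>")
            self.synthetic = self.in_li = False

    def handle_starttag(self, tag, attrs):
        if tag == "li" and not self.stack:   # item outside any author list
            if not self.synthetic:
                self.out.append("<ul>")      # orphan item: open a wrapper
            self.synthetic = self.in_li = True
        else:
            self._end_ul()                   # other content ends the wrapper
        if tag in ("ul", "ol"):
            self.stack.append(tag)           # track lists the author opened
        self.out.append(self.get_starttag_text())
    handle_startendtag = handle_starttag     # <br/> has no separate end tag

    def handle_endtag(self, tag):
        if not self.stack:
            if tag in ("ul", "ol") or (tag == "li" and not self.in_li):
                return                       # stray closer: drop it
            if tag == "li":
                self.in_li = False           # wrapper stays open for more items
            else:
                self._end_ul()
        elif tag in ("ul", "ol"):
            tag = self.stack.pop()           # close what is actually open
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if data.strip():
            self._end_ul()                   # text outside an item ends wrapper
        self.out.append(html.escape(data, quote=False))

def fix_orphan_list_items(markup):
    p = OrphanListFixer()
    p.feed(markup)
    p.close()
    p.out += [f"</{t}>" for t in reversed(p.stack)]  # lists left open
    p._end_ul(force=True)
    return "".join(p.out)
```

Comments and declarations in the input are dropped, because the parser's default handlers for them emit nothing.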