Investigate reverting changes in kses done for gutenberg #144

Closed
markkap opened this issue Oct 15, 2018 · 1 comment
@markkap markkap commented Oct 15, 2018

This https://core.trac.wordpress.org/changeset/43727 seems like a very fishy security-related change.

If gutenberg cannot work with such a massive permission relaxation, it is better not to have it at all.

Should look at it again before finalizing 1.0.

@markkap markkap added this to the 1.0.0 milestone Oct 15, 2018
@markkap markkap commented Dec 12, 2018

Do not like the implications of users being able to add whatever data-* attribute and integrate with JS that interacts with them, but it is the responsibility of the JS library and whoever installed it to make sure that no major shenanigans are possible through it.

The rest seems fully valid.

@markkap markkap closed this Dec 12, 2018
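
The point in the last comment, that script consuming `data-*` attributes has to treat them as author-controlled input, as an added example (not code from this issue, the changeset, or WordPress). The widget, its `data-widget-*` attribute names and `readWidgetConfig` are hypothetical; the `dataset` argument is a plain object shaped like `element.dataset`.

```javascript
// Added example; the widget and its data-widget-* attributes are hypothetical.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// One validator per accepted data-* key (camelCased, as in element.dataset).
// Each returns a cleaned value, or null to reject the attribute.
const SCHEMA = {
  widgetUrl(value, base) {
    let url;
    try { url = new URL(value, base); } catch { return null; }
    // Resolve first, then check the scheme, so relative URLs are still usable.
    return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
  },
  widgetSize(value) {
    return ["small", "medium", "large"].includes(value) ? value : null;
  },
  widgetDelay(value) {
    if (!/^\d{1,5}$/.test(value)) return null; // plain digits only
    const ms = Number(value);
    return ms <= 10000 ? ms : null;
  },
  widgetLabel(value) {
    // Kept as text; the caller must render it with textContent, not innerHTML.
    return value.length <= 80 ? value : null;
  },
};

// Returns the validated config plus the keys that were refused.
// Unknown keys are refused rather than passed through to the widget.
function readWidgetConfig(dataset, base) {
  const config = {};
  const rejected = [];
  for (const [key, raw] of Object.entries(dataset)) {
    const known = Object.prototype.hasOwnProperty.call(SCHEMA, key);
    const clean = known ? SCHEMA[key](String(raw), base) : null;
    if (clean === null) rejected.push(key);
    else config[key] = clean;
  }
  return { config, rejected };
}

// Constructed sample: attributes as they might arrive from post content.
const sample = {
  widgetUrl: "javascript:void(0)",
  widgetSize: "large",
  widgetDelay: "250",
  widgetTemplate: "<img src=x>",
};
console.log(readWidgetConfig(sample, "https://example.test/post/1"));
```
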