Investigate reverting changes in kses done for gutenberg #144

Closed
markkap opened this Issue Oct 15, 2018 · 1 comment

markkap commented Oct 15, 2018

This https://core.trac.wordpress.org/changeset/43727 seems like a very fishy security-related change.

If Gutenberg cannot work with such a massive permission relaxation, it is better not to have it at all.

Should look at it again before finalizing 1.0.

@markkap markkap added the security label Oct 15, 2018

@markkap markkap added this to the 1.0.0 milestone Oct 15, 2018

markkap commented Dec 12, 2018

Do not like the implications of users being able to add whatever data-* attribute and integrate with JS that interacts with them, but it is the responsibility of the JS library and whoever installed it to make sure that no major shenanigans are possible through it.

The rest seems fully valid.

@markkap markkap closed this Dec 12, 2018
