Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[WPEX-3724] Resolve XSS security vulnerability #2612

Merged
merged 2 commits into from
May 29, 2024
Merged

Conversation

mtashjianjr-godaddy
Copy link
Contributor

Resolves an issue with improper escaping of HTML output in the Social Profiles block. The solution implemented (other than ensuring output is properly escaped) is to use wp_kses with a defined set of html elements and attributes expected which removes all extraneous attributes.

@mtashjianjr-godaddy mtashjianjr-godaddy self-assigned this May 29, 2024
@EvanHerman EvanHerman self-requested a review May 29, 2024 20:55
Copy link
Contributor

@EvanHerman EvanHerman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. Works well on my end. Nice work! 👍

Copy link
Member

@AnthonyLedesma AnthonyLedesma left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great. I tried to break all the features. 🥇

@AnthonyLedesma AnthonyLedesma merged commit 4af6eb2 into master May 29, 2024
40 checks passed
@AnthonyLedesma AnthonyLedesma deleted the WPEX-3724 branch May 29, 2024 21:44
@AnthonyLedesma AnthonyLedesma added this to the 3.1.10 milestone May 30, 2024
@eherman-godaddy eherman-godaddy restored the WPEX-3724 branch June 11, 2024 20:01
@EvanHerman EvanHerman deleted the WPEX-3724 branch June 11, 2024 20:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants