Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WPEX-3724] Resolve XSS security vulnerability #2612

Merged
merged 2 commits into from
May 29, 2024
Merged

[WPEX-3724] Resolve XSS security vulnerability #2612

merged 2 commits into from
May 29, 2024

Conversation

mtashjianjr-godaddy
Copy link
Contributor

Resolves an issue with improper escaping of HTML output in the Social Profiles block. The solution implemented (other than ensuring output is properly escaped) is to use wp_kses with a defined set of html elements and attributes expected which removes all extraneous attributes.

@mtashjianjr-godaddy mtashjianjr-godaddy self-assigned this May 29, 2024
@EvanHerman EvanHerman self-requested a review May 29, 2024 20:55
EvanHerman
EvanHerman approved these changes May 29, 2024
View reviewed changes
Copy link
Contributor

@EvanHerman EvanHerman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. Works well on my end. Nice work! 👍

AnthonyLedesma
AnthonyLedesma approved these changes May 29, 2024
View reviewed changes
Copy link
Member

@AnthonyLedesma AnthonyLedesma left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great. I tried to break all the features. 🥇

@AnthonyLedesma AnthonyLedesma merged commit 4af6eb2 into master May 29, 2024
40 checks passed
@AnthonyLedesma AnthonyLedesma deleted the WPEX-3724 branch May 29, 2024 21:44
@AnthonyLedesma AnthonyLedesma added this to the 3.1.10 milestone May 30, 2024
@eherman-godaddy eherman-godaddy restored the WPEX-3724 branch June 11, 2024 20:01
@EvanHerman EvanHerman deleted the WPEX-3724 branch June 11, 2024 20:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@EvanHerman EvanHerman EvanHerman approved these changes

@AnthonyLedesma AnthonyLedesma AnthonyLedesma approved these changes

Assignees

@mtashjianjr-godaddy mtashjianjr-godaddy

Labels
None yet
Projects
None yet
Milestone
3.1.10
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@mtashjianjr-godaddy @EvanHerman @AnthonyLedesma