39a8eacb5f
`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function. Props: xknown, nickdaugherty, peterwilsoncc. git-svn-id: https://develop.svn.wordpress.org/trunk@46895 602fd350-edb4-49c9-b593-d223f7449a82 |
||
|---|---|---|
| .. | ||
| e2e | ||
| phpunit | ||
| qunit | ||