Sergey Biryukov 972c0b26f5 Update wp_kses_bad_protocol() to recognize : on uri attributes, ...

`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.

Brings r46895 to the 4.3 branch.

Props: xknown, nickdaugherty, peterwilsoncc.

git-svn-id: https://develop.svn.wordpress.org/branches/4.3@46911 602fd350-edb4-49c9-b593-d223f7449a82

2019-12-12 18:42:58 +00:00

..

phpunit

Update wp_kses_bad_protocol() to recognize : on uri attributes,

2019-12-12 18:42:58 +00:00

qunit

TinyMCE: update to 4.2.5, changelog: http://www.tinymce.com/develop/changelog/?ctrl=version&act=index&pr_id=1.

2015-09-10 23:56:25 +00:00