Hello, This is the first time writing to this list. I have found and tried to fix 4 bugs that deal with WordPress producing invalid XHTML (and yellow screens of death in Firefox) upon certain things happening with comments.
I would really appreciate any more focus these bugs can get, as I would like to see these types of things fixed sooner rather than later in WordPress. Ideally 2.5.1 (but I have no idea of triage criteria). The bugs are:

1) http://trac.wordpress.org/ticket/5998 - Invalid Unicode characters

Someone injecting invalid Unicode characters like U-FFFE, U-FFFF can break XHTML pages. This patch only assumes UTF-8 in WordPress comments (not trackbacks, pingbacks), so of the four patches, it's the one that still needs the most work. I'd like to work with someone on what they feel might be a more general solution.

2) http://trac.wordpress.org/ticket/6583 - kses Allows Invalid Unicode Numeric Entities

Someone typing "&xfffe;" into a WordPress comment can break XHTML pages. This patch escapes any invalid numeric entities. I believe the patch is pretty straightforward, though it may need some style tweaks (function rename?).

3) http://trac.wordpress.org/ticket/6602 - kses Should Prevent Duplicate Attributes

Someone typing "<a href='foo' href='foo2'>test</a>" into a WordPress comment can break XHTML pages. This patch rejects all duplicate attributes but the first. In my opinion, the patch is pretty straightforward.

4) http://trac.wordpress.org/ticket/6642 - Commenters can break page validation via HTML comments

Someone typing "<!-- foo -- bar -->" into a WordPress comment can break XHTML pages. This patch replaces all "--" in HTML comments with "-". I believe the patch is pretty straightforward.

Please bear in mind that anyone trying to serve a WordPress blog using true XHTML (application/xhtml+xml) will be susceptible to these vulnerabilities - anybody could come along and break the blogs using any of the above 4 techniques. This includes my own blog (blog.codedread.com), which I've of course patched for now.

Thanks for your help,
Jeff Schiller

_______________________________________________
wp-testers mailing list
http://lists.automattic.com/mailman/listinfo/wp-testers
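As an added illustration (not Jeff's patches and not WordPress kses code), the following Python sanitizer applies the four checks described in the message to comment text before it is emitted as XHTML: raw illegal code points are dropped, numeric entities for illegal code points are escaped, duplicate attributes after the first are discarded, and "--" inside HTML comments is collapsed. The function names and the `&#xfffe;` spelling of the entity from ticket 6583 are this example's own assumptions.

```python
import re

def _is_invalid_xml_codepoint(cp: int) -> bool:
    """True for code points XML 1.0 forbids in text: NUL, C0 controls other than
    tab/LF/CR, surrogates, the noncharacters U+FFFE/U+FFFF, and out-of-range."""
    return (cp == 0 or (cp < 0x20 and cp not in (0x9, 0xA, 0xD))
            or 0xD800 <= cp <= 0xDFFF or cp in (0xFFFE, 0xFFFF) or cp > 0x10FFFF)

def strip_invalid_codepoints(text: str) -> str:
    """Ticket 5998: drop raw characters (e.g. U+FFFE) that make the page unparseable."""
    return ''.join(ch for ch in text if not _is_invalid_xml_codepoint(ord(ch)))

_NUMERIC_ENTITY = re.compile(r'&#(x[0-9a-fA-F]+|[0-9]+);')

def escape_invalid_numeric_entities(text: str) -> str:
    """Ticket 6583: turn '&#xfffe;'-style references to illegal code points into
    literal text by escaping the ampersand; valid references are left alone."""
    def repl(m):
        body = m.group(1)
        cp = int(body[1:], 16) if body[0] in 'xX' else int(body)
        return '&amp;' + m.group(0)[1:] if _is_invalid_xml_codepoint(cp) else m.group(0)
    return _NUMERIC_ENTITY.sub(repl, text)

_TAG = re.compile(r'<([a-zA-Z][a-zA-Z0-9]*)([^>]*)>')
_ATTR = re.compile(r'\s+([a-zA-Z][\w:-]*)(\s*=\s*(?:"[^"]*"|\'[^\']*\'|[^\s"\'>]+))?')

def drop_duplicate_attributes(html: str) -> str:
    """Ticket 6602: keep only the first occurrence of each attribute name in a start tag."""
    def fix_tag(m):
        rest = m.group(2)
        closer = '/' if rest.rstrip().endswith('/') else ''   # preserve self-closing tags
        seen, kept = set(), []
        for a in _ATTR.finditer(rest):
            name = a.group(1).lower()
            if name not in seen:
                seen.add(name)
                kept.append(a.group(0))
        return '<' + m.group(1) + ''.join(kept) + closer + '>'
    return _TAG.sub(fix_tag, html)

_COMMENT = re.compile(r'<!--(.*?)-->', re.DOTALL)

def fix_comment_dashes(html: str) -> str:
    """Ticket 6642: a comment body may not contain '--' or end in '-'; collapse
    dash runs to a single '-' and trim a trailing dash before the closing '-->'."""
    return _COMMENT.sub(
        lambda m: '<!--' + re.sub(r'-{2,}', '-', m.group(1)).rstrip('-') + '-->', html)

def sanitize_comment(text: str) -> str:
    """Apply all four checks in the order a kses-style filter would."""
    text = strip_invalid_codepoints(text)
    text = escape_invalid_numeric_entities(text)
    text = drop_duplicate_attributes(text)
    return fix_comment_dashes(text)
```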
