Skip to content

[ Comment Author Avatar Block ] - Escape styles attribute #36988

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
gziolo merged 1 commit into from
Nov 30, 2021
Merged

[ Comment Author Avatar Block ] - Escape styles attribute #36988

gziolo merged 1 commit into from
Nov 30, 2021

Conversation

@cbravobernal
Copy link
Contributor

@cbravobernal cbravobernal commented Nov 30, 2021

Description

In this PR we add escaping for styles attributes in order to be more secure.

How has this been tested?

  • Created a post.
  • Add Comments Query Loop
  • Checkws that Avatar is working fine with spacing attributes in both editor and frontend.

Screenshots

Types of changes

Small update to improve security

Checklist:

  • My code is tested.
  • My code follows the WordPress code style.
  • My code follows the accessibility standards.
  • I've tested my changes with keyboard and screen readers.
  • My code has proper inline documentation.
  • I've included developer documentation if appropriate.
  • I've updated all React Native files affected by any refactorings/renamings in this PR (please manually search all *.native.js files for terms that need renaming or removal).

ntsekouras
ntsekouras approved these changes Nov 30, 2021
View reviewed changes
Copy link
Contributor

@ntsekouras ntsekouras left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! 👍

gziolo
gziolo approved these changes Nov 30, 2021
View reviewed changes
Copy link
Member

@gziolo gziolo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lovely, thank you!

@gziolo gziolo merged commit 9724a3f into trunk Nov 30, 2021
@gziolo gziolo deleted the update/escape-avatar-spacing-attributes branch November 30, 2021 09:22
@gziolo gziolo added [Block] Comment Template Affects the Comment Template Block [Type] Security Related to security concerns or efforts labels Nov 30, 2021
@github-actions github-actions bot added this to the Gutenberg 12.1 milestone Nov 30, 2021
@gziolo gziolo mentioned this pull request Dec 1, 2021
Merged
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gziolo gziolo gziolo approved these changes

@ntsekouras ntsekouras ntsekouras approved these changes

@ajitbohra ajitbohra Awaiting requested review from ajitbohra ajitbohra is a code owner

@DAreRodz DAreRodz Awaiting requested review from DAreRodz

Assignees

No one assigned

Labels

[Block] Comment Template Affects the Comment Template Block [Type] Security Related to security concerns or efforts

Projects

None yet

Milestone

Gutenberg 12.1

Development

Successfully merging this pull request may close these issues.

4 participants

@cbravobernal @gziolo @ntsekouras