msm-sitemap icon indicating copy to clipboard operation
msm-sitemap copied to clipboard
verified publisher icon Automattic

kses for sitemap content

Open mjangda opened this issue 12 years ago • 1 comments

Currently, the generated sitemap content for each day is stored in meta. We just output the meta as-is, presuming it to be safe. This isn't ideal and we should see if we can uses kses to clean the data before outputting it.

mjangda avatar Nov 20 '13 06:11 mjangda

I think this was more of an issue when we were just adding XML to post meta, before we used SimpleXMLElement the data.

We could harden up the filters in https://github.com/Automattic/msm-sitemap/blob/master/msm-sitemap.php#L428-L439. I don't think https://github.com/Automattic/msm-sitemap/blob/master/msm-sitemap.php#L437 does anything anyway

pkevan avatar Mar 03 '14 11:03 pkevan