This post demonstrates the security fix implemented to prevent Cross Site Scripting using the link parameter in a number of shortcodes.
Without the security fix, when the links are clicked on a JavaScript alert box is displayed.
With the fix applied the JavaScript alert message is NOT DISPLAYED when the link is clicked on.
bw_button shortcode
[bw_button link="javascript:alert('bw_button')"]bw_contact_button shortcode
[bw_contact_button link="javascript:alert('bw_contact_button')"]bw_link shortcode
[bw_link link="javascript:alert('bw_link')"]bw_logo shortcode
[bw_logo link="javascript:alert('bw_logo')"]
bw_qrcode shortcode
[bw_qrcode link="javascript:alert('bw_qrcode')"]