Posted by Hanno Böck on Apr 27
As there is still no fix from upstream I created a quick’n’dirty fix
for it:
https://gist.github.com/hannob/a07f7b7e196c75c4c1a8
https://files.hboeck.de/wordpress-4.2-emergency-fix-xss.diff
It certainly doesn’t comply with any coding style or anything 🙂 but it
should protect you for now.