[wp-trac] [WordPress Trac] #5533: When rich editor is enabled,
post's content is not properly escaped
WordPress Trac
wp-trac at lists.automattic.com
Wed Dec 26 15:47:18 GMT 2007
#5533: When rich editor is enabled, post's content is not properly escaped
---------------------+------------------------------------------------------
 Reporter:  xknown   |       Owner:  anonymous
     Type:  defect   |      Status:  new
 Priority:  normal   |   Milestone:  2.4
Component:  General  |     Version:  2.3.1
 Severity:  normal   |    Keywords:
---------------------+------------------------------------------------------
If a user has the unfiltered_html capability and the rich editor is enabled on
his profile, the post's content is not properly escaped.
Steps to reproduce the problem:
1. Write a new post/page using the "code" view with the following content:
   `</textarea><script>alert(123)</script>`
2. Press "Save and Continue editing" button.
It seems the problem is on [http://trac.wordpress.org/browser/trunk/wp-includes/post.php#L691 line 691] of `wp-includes/post.php`.
--
Ticket URL: <http://trac.wordpress.org/ticket/5533>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
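
The failure mode reported in the ticket above, as an added illustration that is not code from WordPress or from the reporter: stored post content written into the editor's textarea with and without HTML escaping. The function names are hypothetical, the sample content is the string from the reproduction steps, and the snippet makes no claim about what line 691 of `wp-includes/post.php` contains.

```php
<?php
// Added illustration; these functions are hypothetical, not WordPress APIs.

// Constructed sample: the post body from the ticket's reproduction step.
$stored = '</textarea><script>alert(123)</script>';

// Unescaped path: stored content is written into the editor markup verbatim.
function render_editor_raw(string $content): string {
    return '<textarea name="content">' . $content . '</textarea>';
}

// Escaped path: &, <, > and quotes become entities. The browser decodes them
// for display inside the textarea and submits the original characters back,
// so the author's markup survives a save/edit round trip.
function render_editor_escaped(string $content): string {
    return '<textarea name="content">'
        . htmlspecialchars($content, ENT_QUOTES, 'UTF-8')
        . '</textarea>';
}

// A browser ends a textarea at the first closing tag it encounters. If any
// markup is left after that tag, the content has escaped the form field and
// is parsed as part of the editing page itself.
function content_breaks_out(string $html): bool {
    $parts = preg_split('~</textarea\s*>~i', $html, 2);
    return ($parts[1] ?? '') !== '';
}

$renderers = ['raw' => 'render_editor_raw', 'escaped' => 'render_editor_escaped'];
foreach ($renderers as $label => $fn) {
    $html = $fn($stored);
    printf("%-8s breakout=%s\n  %s\n",
        $label, content_breaks_out($html) ? 'yes' : 'no', $html);
}
```

The unfiltered_html capability governs which markup may be stored in a post; escaping for the edit form is a separate output-encoding step and is needed whichever editor is active.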