[wp-trac] [WordPress Trac] #11833: bizarre behavior in the comment form sanitization

WordPress Trac wp-trac at lists.automattic.com
Sat Jan 9 01:57:35 UTC 2010


#11833: bizarre behavior in the comment form sanitization
-------------------------------+--------------------------------------------
 Reporter:  Denis-de-Bernardy  |       Owner:  ryan 
     Type:  defect (bug)       |      Status:  new  
 Priority:  normal             |   Milestone:  2.9.2
Component:  Security           |     Version:  3.0  
 Severity:  normal             |    Keywords:       
-------------------------------+--------------------------------------------
 Found this while trying to break the comment form's multiple link regex
 (#11830):

 {{{
 <a
 href = http://foo.com

 <a
 href = http://foo.com

 >test</a>
 }}}

 When I look into my post's code, I get:

 {{{
 <p><a href = <a  href="http://foo.com"
 rel="nofollow">http://foo.com</a></p>
 <p><a href = <a  href="http://foo.com"
 rel="nofollow">http://foo.com</a></p>
 <p>>test</p>
 }}}

 On the plus side, the nofollow regex works. But those extra < and > should
 have been HTML-encoded.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/11833>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
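The stray brackets the report points at can be caught by a post-filter over the sanitizer's output. The following is an added example, not WordPress code (WordPress is PHP; this is an illustrative Python equivalent): `TAG_RE`, the two function names and the sample string (copied from the ticket's quoted output) are all constructed for this illustration.

```python
import re

# A well-formed tag: an opening/closing tag with a name, or an HTML comment.
# Anything between such tags is text, so a '<' or '>' found there is stray.
# Limitation (deliberate, keeps the scanner simple): a literal '>' inside a
# quoted attribute value is not supported and will end the tag early.
TAG_RE = re.compile(r"<(?:/?[A-Za-z][^<>]*|!--.*?--)>", re.S)


def encode_stray_angle_brackets(html: str) -> str:
    """Entity-encode every '<' or '>' that is not part of a well-formed tag."""
    out = []
    pos = 0
    for m in TAG_RE.finditer(html):
        text = html[pos:m.start()]
        out.append(text.replace("<", "&lt;").replace(">", "&gt;"))
        out.append(m.group(0))  # keep the real tag untouched
        pos = m.end()
    out.append(html[pos:].replace("<", "&lt;").replace(">", "&gt;"))
    return "".join(out)


def count_stray_angle_brackets(html: str) -> int:
    """Number of '<' / '>' characters outside well-formed tags (0 = clean)."""
    stripped = TAG_RE.sub("", html)
    return stripped.count("<") + stripped.count(">")


# Constructed sample: the mangled markup quoted in the ticket. The dangling
# '<a href = ' never reaches a '>' before the next tag starts, and the lone
# '>' before 'test' has no opening '<' at all.
TICKET_OUTPUT = (
    '<p><a href = <a  href="http://foo.com"\nrel="nofollow">http://foo.com</a></p>\n'
    '<p><a href = <a  href="http://foo.com"\nrel="nofollow">http://foo.com</a></p>\n'
    '<p>>test</p>'
)

if __name__ == "__main__":
    print(count_stray_angle_brackets(TICKET_OUTPUT))  # 3
    print(encode_stray_angle_brackets(TICKET_OUTPUT))
```

Running it on the ticket's output reports three stray brackets and rewrites them as `&lt;` / `&gt;` while leaving the generated nofollow links intact.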