[wp-trac] [WordPress Trac] #37482: Copy/paste shortcode view containing HTML tags is broken
WordPress Trac
noreply at wordpress.org
Tue Jul 2 16:32:57 UTC 2019
#37482: Copy/paste shortcode view containing HTML tags is broken
--------------------------+-------------------------
Reporter: bduclos | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: TinyMCE | Version: 4.6
Severity: normal | Resolution: maybelater
Keywords: | Focuses: javascript
--------------------------+-------------------------
Changes (by azaozz):
* status: new => closed
* resolution: => maybelater
Comment:
Looking at this again, fixing it will introduce a self-xss vulnerability,
and there's no good way to sanitize the shortcode content in js. The way I
see at the moment is to send it to the server and run it through kses,
perhaps?
Also, this is now superseded by the block editor. Closing as maybelater
for now. Feel free to reopen with a patch if still needed in the classic
editor.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/37482#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list