[wp-trac] [WordPress Trac] #3592: Links with double-quotes fail to
validate
WordPress Trac
wp-trac at lists.automattic.com
Tue Jan 16 17:07:14 GMT 2007
#3592: Links with double-quotes fail to validate
---------------------+------------------------------------------------------
Reporter: irayo | Owner: anonymous
Type: defect | Status: new
Priority: low | Milestone: 2.0.7
Component: General | Version: 2.0.7
Severity: minor | Keywords:
---------------------+------------------------------------------------------
If I add a hyperlink that has a link description that contains quotes,
then the following invalid HTML is generated:
{{{ <a title=" a "quote" in the description " href...> }}}
This fails to validate, and furthermore could theoretically (I haven't
tried) be used as a security exploit to gain access to other HTML
elements:
{{{ <a title=" "><othertag><a title=" " href...> }}}
This has been tested in WordPress 2.0.7.
--
Ticket URL: <http://trac.wordpress.org/ticket/3592>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list