[wp-trac] [WordPress Trac] #1597: balanceTags() doesn't filter self-closing tags which shouldn't be self-closed
WordPress Trac
wp-trac at lists.automattic.com
Sun Jan 17 15:15:44 UTC 2010
#1597: balanceTags() doesn't filter self-closing tags which shouldn't be self-
closed
--------------------------+-------------------------------------------------
Reporter: frenzie | Owner: rob1n
Type: defect (bug) | Status: reopened
Priority: normal | Milestone:
Component: General | Version: 2.9.1
Severity: minor | Resolution:
Keywords: |
--------------------------+-------------------------------------------------
Changes (by Frenzie):
* status: closed => reopened
* version: 1.5.2 => 2.9.1
* resolution: wontfix =>
Comment:
Replying to [comment:10 rob1n]:
> Not WordPress' purview. It's up to the user, IMO.
In Opera it doesn't matter because the STRONG (or whatever) elements will
be closed in the DOM when the containing element (i.e. typically LI for
comments) is closed, but meanwhile I could still severely disrupt the
display of comments for users of Firefox, IE or other browsers that parse
things along the same lines.
Indeed if the user were only the author(s) I wouldn't disagree with you,
but the "user" includes random, anonymous commenters. Should they really
be allowed free reign, if only for the few days it takes before their
comment is deleted and/or edited (depending on malicious vs. unintentional
as a value judgment by the person who has to decide what to do). I think
not.
The code still exists on line 1045 of formatting.php today, so the quick
and dirty fix I wrote all these years ago could still be applied instantly
to protect against such abuse.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/1597#comment:11>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list