[wp-trac] [WordPress Trac] #34575: shortcode not working in html comments
WordPress Trac
noreply at wordpress.org
Wed Nov 4 11:27:27 UTC 2015
#34575: shortcode not working in html comments
--------------------------+-----------------------------
Reporter: distinct | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Shortcodes | Version: 4.3.1
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
First of all I would like to mention that I have read
https://make.wordpress.org/core/2015/09/04/shortcode-roadmap-extended-
discussion/ so I know about the change to the shortcode system. What I
could not find was the real security problem mentioned there. I would
really like to know the CVE.
Now for the problem, I would like to be able to do this:
{{{
<table>
<!-- [conditional1] --><tr><td>row1</td></tr><!-- [/conditional1] -->
<!-- [conditional2] --><tr><td>row2</td></tr><!-- [/conditional2] -->
<!-- [conditional3] --><tr><td>row3</td></tr><!-- [/conditional3] -->
</table>
}}}
This way the table is editable in the visual tab and the html will be
correct.
The way we fix this now is by only using the Text tab and the following
html:
{{{
<table>
[conditional1]<tr><td>row1</td></tr>[/conditional1]
[conditional2]<tr><td>row2</td></tr>[/conditional2]
[conditional3]<tr><td>row3</td></tr>[/conditional3]
</table>
}}}
This does work with the new shortcode parsing, but the visual tab will
wrap the shortcodes in <p>'s which will break the table.
#23786 mentions the inverse of this bug, so at some point this still
worked. But now <!-- is explicitly skipped in do_shortcodes_in_html_tags
Thanks
--
Ticket URL: <https://core.trac.wordpress.org/ticket/34575>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list