[wp-trac] [WordPress Trac] #34575: shortcode not working in html comments
WordPress Trac
noreply at wordpress.org
Thu Nov 5 21:22:47 UTC 2015
#34575: shortcode not working in html comments
-----------------------------+----------------------
Reporter: distinct | Owner:
Type: feature request | Status: closed
Priority: normal | Milestone:
Component: Shortcodes | Version: 4.3.1
Severity: normal | Resolution: invalid
Keywords: | Focuses:
-----------------------------+----------------------
Comment (by distinct):
Hi @aaroncampbell, thank you for your more informed reply. This helps a
bit to put the changes into context.
But I still have not found any real details about the actual security
risk. And I noticed that the link in my OP was actually not the article I
read :$, but another one I was about to read but forgot about. I actually
meant this link:
https://make.wordpress.org/core/2015/07/23/changes-to-the-shortcode-api/
There Dave Navarro, Jr. mentions he could not find any details later on
the security risk either at first, but later mentions Gary Pendergast and
others have explained it to him, without any link to the real problem. I
would really like to know what the actual security risk is, because I
think not all sites will have it. (Our site has no contributors, for
instance, only a few select authors that can edit content.)
I will read further into the coming shortcode changes. But I fear that
they might force me to look into another templating engine for this
feature. Which is a shame, because the shortcode system was working fine
for the simple functions we needed.
I do realize that it might be considered misuse of a feature to really use
it as a templating language. And it is certainly up for some improvements.
But I hope that the improvements don't have to weaken the power that it
used to have.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/34575#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform