[wp-trac] [WordPress Trac] #36837: <script> tags in Admin Options page input field triggering mod_security

WordPress Trac noreply at wordpress.org
Mon May 16 06:42:26 UTC 2016

#36837: <script> tags in Admin Options page input field triggering mod_security
 Reporter:  maddogprod      |       Owner:
     Type:  defect (bug)    |      Status:  closed
 Priority:  normal          |   Milestone:
Component:  Administration  |     Version:  4.5.2
 Severity:  normal          |  Resolution:  invalid
 Keywords:                  |     Focuses:  administration
Changes (by dd32):

 * status:  new => closed
 * resolution:   => invalid
 * milestone:  Awaiting Review =>


 Hey @maddogprod,

 Unfortunately there really isn't anything we can do about this - and it
 certainly isn't something we should attempt to work around in WordPress.

 `mod_security` rules are often trigger-happy, as they are in this case,
 and it sounds like it's probably being triggered by the presence of
 `<script>` in any data sent to the server.

 Although the host says nothing has changed, very little has changed in
 WordPress as well - and definitely nothing of substance that would cause
 us to suddenly start triggering such a rule.

 The only suggestion I can offer you, is to use a plugin/shortcode instead
 to add the tracking data, so that you aren't required to add the
 `<script>` tags in the input, and only have to specify a tracking ID.

Ticket URL: <https://core.trac.wordpress.org/ticket/36837#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list