[wp-trac] [WordPress Trac] #36837: <script> tags in Admin Options page input field triggering mod_security
WordPress Trac
noreply at wordpress.org
Mon May 16 06:42:26 UTC 2016
#36837: <script> tags in Admin Options page input field triggering mod_security
----------------------------+-----------------------------
Reporter: maddogprod | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Administration | Version: 4.5.2
Severity: normal | Resolution: invalid
Keywords: | Focuses: administration
----------------------------+-----------------------------
Changes (by dd32):
* status: new => closed
* resolution: => invalid
* milestone: Awaiting Review =>
Comment:
Hey @maddogprod,
Unfortunately there really isn't anything we can do about this - and it
certainly isn't something we should attempt to work around in WordPress.
`mod_security` rules are often trigger-happy, as they are in this case,
and it sounds like it's probably being triggered by the presence of
`<script>` in any data sent to the server.
Although the host says nothing has changed, very little has changed in
WordPress as well - and definitely nothing of substance that would cause
us to suddenly start triggering such a rule.
The only suggestion I can offer you, is to use a plugin/shortcode instead
to add the tracking data, so that you aren't required to add the
`<script>` tags in the input, and only have to specify a tracking ID.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36837#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list