[wp-trac] [WordPress Trac] #25385: Validate URL for user comments in Comment Form
WordPress Trac
noreply at wordpress.org
Tue Aug 27 13:08:11 UTC 2019
#25385: Validate URL for user comments in Comment Form
------------------------------------+-------------------------
Reporter: nofearinc | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Comments | Version:
Severity: normal | Resolution: maybelater
Keywords: has-patch dev-feedback | Focuses:
------------------------------------+-------------------------
Comment (by schlessera):
I propose reopening this and changing the default comment rendering code
instead to check whether the URL is valid, and only add it as the `href`
for an `<a>` element if that is the case. Otherwise, the URL will be
displayed as text only, and will not be a clickable link.
Doing it like this means that:
- The comment submission won't get stuck or be aborted.
- The URL is stored and can be modified by the site owner if needed.
- The frontend will not render an invalid (and potentially unsafe) URL as
a clickable link.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/25385#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list