[wp-trac] [WordPress Trac] #55968: xss string to be treated as simple string
WordPress Trac
noreply at wordpress.org
Sun Jun 12 06:11:57 UTC 2022
#55968: xss string to be treated as simple string
-------------------------------+-----------------------------
Reporter: vibhanshujain | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Posts, Post Types | Version: trunk
Severity: normal | Keywords: needs-patch
Focuses: |
-------------------------------+-----------------------------
An XSS string should be treated as a simple string while creating a post from the
Dashboard, or should not be allowed to be saved as a draft.
Current Behaviour:
WordPress allows a post to be saved as a draft with an XSS string; however, editing
of the post is not allowed.
Expected Behaviour:
Behaviour should be consistent from an end-user perspective.
Steps To Reproduce:
Step-1: Log in to WordPress 6.1
Step-2: Navigate to the Dashboard.
Step-3: Enter simple XSS text for the title in the Quick Draft section
{{{
e.g: <svg onload=alert(XSS)>
}}}
Step-4: Click on Save Draft to save the post as a draft.
Step-5: Click on the newly created XSS-titled post to edit it.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/55968>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform