[wp-trac] [WordPress Trac] #57470: Copy and pasting from a document into the title field is including hidden html tags
WordPress Trac
noreply at wordpress.org
Mon Jan 16 02:26:19 UTC 2023
#57470: Copy and pasting from a document into the title field is including hidden
html tags
--------------------------------+-----------------------------
Reporter: mikeyott | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 6.1.1
Severity: normal | Keywords: needs-patch
Focuses: ui, administration |
--------------------------------+-----------------------------
As the title describes, if you copy and paste from a (Word) document and
into the title field of a new or existing post, hidden html tags come
along for the ride.
**How to replicate**
* Open a Word document that contains text with formatting. For example,
italic text.
* Highlight and copy the italicised text to the clipboard.
* Create a new page.
* Paste into the title field.
* Click Publish.
You will now see the confirmation dialogue read something like this...
{{{
<em>The page title here</em> is now live.
}}}
...yes, with the actual html tags visible.
When you view the **All Pages** screen, you will also see the title has
the **<em>** opening and closing tags as well. The only way to remove them
is to click **Quick Edit** and do it manually.
I'm not sure if this has any security implications (maybe someone with
that expertise can chime in here) but I do wonder how it would behave if
someone was copy/pasting content from a website if the content contained a
(malicious) **<script>** tag.
**Note:** I was able to replicate this issue with all plugins disabled,
running the latest version of Twenty Twenty-Three theme and latest version
of WordPress 6.1.1 (latest at time of this bug report).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57470>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list