[wp-trac] [WordPress Trac] #58227: JavaScript can be entered as an image description
WordPress Trac
noreply at wordpress.org
Mon May 1 20:51:51 UTC 2023
#58227: JavaScript can be entered as an image description
-------------------------------+------------------------------
Reporter: Presskopp | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Media | Version:
Severity: normal | Resolution:
Keywords: reporter-feedback | Focuses:
-------------------------------+------------------------------
Changes (by johnbillion):
* keywords: => reporter-feedback
Comment:
@Presskopp Thank you very much for the report. Are you able to replicate
this with an Author level user on a vanilla site with no plugins installed
and one of the Twenty themes in use?
In testing on my local, an Editor or Administrator can indeed enter
JavaScript here which is to be expected. When an Author level user enters
JavaScript, it gets stripped out when the post is saved, which is to be
expected. I tried this both on the attachment editing screen and in the
media manager grid view.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/58227#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list