[wp-trac] [WordPress Trac] #63611: wp_widget_rss_output: HTML entities that are part of HTML tags should be removed

Thu Jun 26 04:33:04 UTC 2025

#63611: wp_widget_rss_output: HTML entities that are part of HTML tags should be
removed
-------------------------------------------------+-------------------------
 Reporter:  wildworks                            |       Owner:  (none)
     Type:  defect (bug)                         |      Status:  new
 Priority:  normal                               |   Milestone:  6.9
Component:  Widgets                              |     Version:
 Severity:  normal                               |  Resolution:
 Keywords:  needs-unit-tests good-first-bug      |     Focuses:
  has-test-info has-patch needs-testing          |
-------------------------------------------------+-------------------------
Changes (by rollybueno):

 * keywords:  needs-unit-tests good-first-bug has-test-info has-patch =>
     needs-unit-tests good-first-bug has-test-info has-patch needs-testing

Comment:

 == Reproduction Report

 === Description
 This report validates whether the issue reported here can be reproduced.

 === Environment
 - WordPress: 6.9-alpha-60093-src
 - PHP: 8.2.28
 - Server: nginx/1.27.5
 - Database: mysqli (Server: 8.4.5 / Client: mysqlnd 8.2.28)
 - Browser: Chrome 137.0.0.0
 - OS: Linux
 - Theme: Twenty Fifteen 4.0
 - MU Plugins: None activated
 - Plugins:
   • Classic Widgets 0.3
   • Test Reports 1.2.0

 === Steps to Reproduce
 1. Install and activate the **Classic Widgets** plugin —
 https://wordpress.org/plugins/classic-widgets/
 2. Switch to the **Twenty Fifteen** theme or any other classic theme.
 3. Go to **Appearance → Widgets**.
 4. Add an **RSS widget** to the sidebar.
 5. Use this RSS feed URL:
 https://pubmed.ncbi.nlm.nih.gov/rss/search/16cUU5Jcud0BSYRzHgbqJGm_F6kq07gr9atM8kZoogUmZdX5oj/
 6. Save the widget.
 7. View the site frontend.

 === Actual Results
 ✅ RSS feed titles that contain escaped HTML (such as `<em>`) are not
 decoded before being stripped, resulting in raw HTML entities being
 displayed in the title.

 === ℹ️ Additional Notes
 - ⚠️ Ensure you are using an older bundled theme such as **Twenty
 Fifteen**.
 - ⚠️ The **Classic Widgets** plugin is required to disable the Block
 Widgets UI and restore access to the legacy RSS widget.
 - Plugin source for reference:
 https://plugins.trac.wordpress.org/browser/classic-widgets/tags/0.3
 /classic-widgets.php

 === Supplemental Artifacts
 **Legacy RSS Setup**:
 [[Image(https://i.imgur.com/jOPgLqL.png)]]

 **Frontend result**:
 [[Image(https://i.imgur.com/28Em0mB.png)]]

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/63611#comment:15>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform