Making WordPress.org

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#5439 closed defect (bug) (fixed)

Escape HTML tags in comments

Reported by: jonoaldersonwp
Owned by: dd32
Milestone:
Priority: lowest
Component: Make (Get Involved) / P2
Keywords: seo
Cc:

Description

The comment at https://make.wordpress.org/core/2016/08/17/wordpress-4-7-whats-on-your-mind/#comment-30884 contains a <title> tag, which is parsed as HTML. HTML in comments should be appropriately sanitized.

Change History (3)

#1 @dd32
4 years ago

Fixed the comment and another instance of it.

#2 @dd32
4 years ago

  • Owner set to dd32
  • Resolution set to fixed
  • Status changed from new to closed

In 10260:

o2: <title> is not a tag we want to ever see on o2. Remove it since we also apply this to the comment contents.

Fixes #5439.

#3 @dd32
4 years ago

#5395 was marked as a duplicate.
