id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
11833,bizarre behavior in the comment form sanitization,Denis-de-Bernardy,ryan,"Found this while trying to break the comment form's multiple link regex (#11830):

{{{
<a
href = http://foo.com

<a
href = http://foo.com

>test</a>
}}}

when I look into my post's code, I get:

{{{
<p><a href = <a  href=""http://foo.com"" rel=""nofollow"">http://foo.com</a></p>
<p><a href = <a  href=""http://foo.com"" rel=""nofollow"">http://foo.com</a></p>
<p>>test</p>
}}}

on the plus side, the nofollow regex works. but those extra < and > should have been html encoded.",defect (bug),closed,normal,,Security,3.0,normal,invalid,,