id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
11833	bizarre behavior in the comment form sanitization	Denis-de-Bernardy	ryan	"Found this while trying to break the comment form's multiple link regex (#11830):

{{{
<a
href = http://foo.com

<a
href = http://foo.com

>test</a>
}}}

when I look into my post's code, I get:

{{{
<p><a href = <a  href=""http://foo.com"" rel=""nofollow"">http://foo.com</a></p>
<p><a href = <a  href=""http://foo.com"" rel=""nofollow"">http://foo.com</a></p>
<p>>test</p>
}}}

on the plus side, the nofollow regex works. but those extra < and > should have been html encoded."	defect (bug)	closed	normal		Security	3.0	normal	invalid