Opened 7 months ago
Last modified 7 months ago
#22135 new defect (bug)
Special characters in caption lead to failure of inserting images
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | Awaiting Review |
| Component: | Media | Version: | 3.4.2 |
| Severity: | normal | Keywords: | 2nd-opinion |
| Cc: | mdhansen@… |
Description
Found this when double-checking #22132:
- Go to add a new post.
- Click "Upload/Insert" (the "old" media upload).
- Upload an image, or go to choose one from the media library.
- Insert Title"<script>alert('Title');</script> in the "Caption" field.
- Click "Insert into Post".
Instead of the image (or Shortcode) being added to the editor (with a somehow escaped caption field), the media upload iframe just gets a new content:
[/caption]'); /* ]]> */
Reproduced in 3.4.2 and trunk.
Attachments (1)
Change History (4)
MikeHansenMe — 7 months ago
comment:1
MikeHansenMe — 7 months ago
I was able to reproduce the error. It also allowed the alert on the front end. I am not sure if this will need to be addressed once the new media update is fully implemented.
comment:2
MikeHansenMe — 7 months ago
- Cc mdhansen@… added
comment:3
MikeHansenMe — 7 months ago
- Keywords 2nd-opinion added
Note: See
TracTickets for help on using
tickets.
screenshot of the error