Opened 13 years ago
Closed 13 years ago
#17401 closed defect (bug) (fixed)
Problems sanitizing image titles
Reported by: | bi0xid | Owned by: | |
---|---|---|---|
Milestone: | 3.3 | Priority: | low |
Severity: | minor | Version: | 3.2 |
Component: | Formatting | Keywords: | needs-patch |
Focuses: | | Cc: | |
Description
Hello there.
If you upload an image in any article, you can put a title to it. If this title has a >, it breaks the img tag and shows incorrectly (broken) when publishing.
In the editor, when editing an article, all images are shown, even if they are broken when published.
I have tried to exploit it, but " is sanitized to ", so this is not a serious problem.
Change History (8)
#3 in reply to: ↑ 2 @ 13 years ago
- Milestone changed from Awaiting Review to 3.2
Replying to mfields:
This bug does not seem to be present in WordPress 3.1.3.
#4 @ 13 years ago
- Component changed from TinyMCE to Formatting
Yes, this is a TinyMCE change or fix (that we don't have control over). It seems < and > are allowed inside a title="..." attribute.
Actually the image breaks only if /> is used in the title and the breakage is caused by wp_texturize() that turns the remaining double quotes into curly quotes on display.
#6 follow-up: ↓ 7 @ 13 years ago
- Milestone changed from 3.2 to Future Release
- Priority changed from normal to low
- Severity changed from normal to minor
In any case this will probably be fixed in an updated version of TinyMCE.
I was able to reproduce this bug in the latest nightly. Note: this applies only to the visual editor. Here is what I did:
The image should be sent to the editor and display correctly, however when you switch to the HTML tab, you will notice that the HTML looks something like this:
instead of this:
I inspected many of the PHP functions used during an "Insert into Post" request and they all appear to be escaping the title through esc_attr(). I believe that this bug is being caused by the HTML being processed by one of the TinyMCE libraries.
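
The breakage described in comment #4, as an added example that is not part of the ticket and is not WordPress or TinyMCE code: a simplified model (an assumption) of a display formatter that ends a tag at the first `>` and curls double quotes in the text between tags. The names `model_texturize`, `img_tag` and `is_broken` are hypothetical, and the titles and file name are constructed.

```php
<?php
// Simplified model (an assumption, not WordPress source): split the markup into
// "tags" and text with a regex that ends a tag at the first ">", then turn
// straight double quotes into a curly-quote entity in the text chunks only.
function model_texturize(string $html): string
{
    $parts = preg_split('/(<[^>]*>)/', $html, -1, PREG_SPLIT_DELIM_CAPTURE);
    foreach ($parts as $i => $part) {
        if ($i % 2 === 0) { // even indexes are the text between captured tags
            $parts[$i] = str_replace('"', '&#8221;', $part);
        }
    }
    return implode('', $parts);
}

// Build the img tag two ways: with < and > left raw inside title="..."
// (the state the ticket attributes to the visual editor), or fully encoded.
function img_tag(string $title, bool $encodeAngles): string
{
    $value = $encodeAngles
        ? htmlspecialchars($title, ENT_QUOTES, 'UTF-8') // encodes & < > " '
        : str_replace('"', '&quot;', $title);           // quotes only
    return '<img src="photo.jpg" title="' . $value . '" />';
}

// The tag is broken when the attribute's closing quote was treated as text.
function is_broken(string $rendered): bool
{
    return strpos($rendered, '&#8221;') !== false;
}

$titles = ['Sunset', 'before /> after']; // constructed sample titles
foreach ($titles as $title) {
    foreach ([false, true] as $encodeAngles) {
        $out = model_texturize(img_tag($title, $encodeAngles));
        printf(
            "%-16s encoded=%s broken=%s\n    %s\n",
            $title,
            $encodeAngles ? 'yes' : 'no',
            is_broken($out) ? 'yes' : 'no',
            $out
        );
    }
}
```

In this model only the raw `/>` title ends up with its closing quote curled; the same title with `>` stored as `&gt;` passes through as one intact tag.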