WordPress.org

Make WordPress Core

Opened 2 years ago

Closed 2 years ago

#19577 closed defect (bug) (invalid)

Comment 'Quick Edit' email field contains Javascript code

Reported by: djpeanut Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.3
Component: UI Keywords: close
Focuses: Cc:

Description

This is for WP3.3.

When I use the Edit Comments page in the back end and choose the 'quick edit' option for a given comment (any comment), the email field appears to contain both the email address and then a piece of Javascript code:

email@domain.com/* <![CDATA[ */(function(){try{var s,a,i,j,r,c,l=document.getElementById("__cf_email__");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();/* ]]> */

Saving the comment then strips this down so the original commenter's email address becomes

email@domain.comCDATAfunctiontryvarsaijrcldocument.getElementByIdcfemailal.classNameifasrparse

This doesn't happen with the full blown 'Edit' dialog, just the Ajax 'quick edit'

Change History (2)

comment:1 duck_2 years ago

  • Keywords close added

This is caused by CloudFlare email protection, see this support forum thread. I'm not sure if there's anything we can do to prevent this, but you could try turning off this feature for wp-admin or something.

comment:2 SergeyBiryukov2 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.