Opened 12 years ago
Closed 12 years ago
#19577 closed defect (bug) (invalid)
Comment 'Quick Edit' email field contains Javascript code
Reported by: | djpeanut | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 3.3 |
Component: | UI | Keywords: | close |
Focuses: | Cc: |
Description
This is for WP3.3.
When I use the Edit Comments page in the back end and choose the 'quick edit' option for a given comment (any comment), the email field appears to contain both the email address and then a piece of Javascript code:
email@domain.com/* <![CDATA[ */(function(){try{var s,a,i,j,r,c,l=document.getElementById("__cf_email__");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();/* ]]> */
Saving the comment then strips this down so the original commenter's email address becomes
email@domain.comCDATAfunctiontryvarsaijrcldocument.getElementByIdcfemailal.classNameifasrparse
This doesn't happen with the full blown 'Edit' dialog, just the Ajax 'quick edit'
Change History (2)
Note: See
TracTickets for help on using
tickets.
This is caused by CloudFlare email protection, see this support forum thread. I'm not sure if there's anything we can do to prevent this, but you could try turning off this feature for wp-admin or something.