WordPress.org

Make WordPress Core

Opened 5 years ago

Closed 3 years ago

#31299 closed enhancement (wontfix)

Protection from Spammy Comment Links in Admin Area

Reported by: ma7moudat Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.1
Component: Comments Keywords: has-patch needs-refresh
Focuses: administration Cc:
PR Number:

Description

I was checking out my spam comments section and accidentally cliked a link in one of the comments.

Fortunately, no harm was done. However, shouldn't the admin area have spammy comment links be disabled by default? Or at least trigger a warning message?

Attachments (1)

31299.patch (1.7 KB) - added by tyxla 5 years ago.
Links in spam comments in the administration will now trigger a confirmation window, allowing to prevent unwanted clicks on malicious links.

Download all attachments as: .zip

Change History (9)

#1 @SergeyBiryukov
5 years ago

  • Component changed from Security to Comments
  • Focuses administration added

#2 @tyxla
5 years ago

Welcome to the WordPress Core Trac, @ma7moudat!

This is a nice idea IMHO. Attaching a patch for that.

@tyxla
5 years ago

Links in spam comments in the administration will now trigger a confirmation window, allowing to prevent unwanted clicks on malicious links.

#3 @tyxla
5 years ago

  • Keywords has-patch added

#4 @ma7moudat
5 years ago

Thank you!

Always glad to contribute to our beloved WordPress :)

#5 @toscho
5 years ago

Please add a filter, so we can disable this extra click. This is annoying for keyboard users who know what they are doing. Thanks.

#6 @helen
5 years ago

I would not like to see a JS confirm for this context. I wonder if it would be better to do something similar to what Akismet does in showing the URL inline and removing the link entirely, making browsing to that URL a very purposeful activity.

#7 @rachelbaker
4 years ago

  • Keywords needs-refresh added
  • Milestone changed from Awaiting Review to Future Release

+1 to @helen's suggested approach of removing the anchor element and displaying the href inline.

#8 @rachelbaker
3 years ago

  • Milestone Future Release deleted
  • Resolution set to wontfix
  • Status changed from new to closed

@ma7moudat After #36380 and giving this some thought, I don't like the idea of having special behavior for links in comments with a "spam" status.

I believe the Akismet plugin takes with comment content links is the best experience with any comment regardless of status:

  • href values are displayed alongside linked text
  • hovering over a link shows a preview of the location site

Because the scope of this ticket is narrowly focused on providing special handling for links within the content of comments marked as spam, I am going to suggest this be closed as a wontfix. However, what can we do to improve how WordPress core presents comments within the admin for moderators regardless of the comment status?

Note: See TracTickets for help on using tickets.