WordPress.org

Make WordPress Core

Opened 7 months ago

Last modified 4 months ago

#48497 new defect (bug)

If preformatted block contains "<script>" tag page would not save

Reported by: martynasma Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 5.2.4
Component: General Keywords:
Focuses: Cc:

Description

If preformatted block content contains "<script>" (with or without any attributes), saving page fails with an error "Updating failed".

This happens even with < and > are encoded:

<pre class="wp-block-preformatted">&lt;script&gt;</pre>

Change History (3)

#1 @martynasma
7 months ago

Looks like the issue is not limited to preformatted block. Any regular paragraph block containing <script> will prevent page from saving.

#2 @martynasma
7 months ago

5.3 has same issue, just with a bit different error wording:

"Updating failed. Error message: The response is not a valid JSON response."

#3 @stidch
4 months ago

Sounds similar to the issue here:
https://core.trac.wordpress.org/ticket/48268

I don't know if the issue I face is exactly the same, but at least looks similar.

I cannot save any page, which contain a shortcode, which contain a call to a java-script method

For example:

onload="resizeIframe(this)"

In my case I try to resize an iframe with the advanced-iframe plugin. The full shortcode looks like this:

advanced_iframe src="https://xxx.com/script.php?parameter=value" frameborder="0" scrolling="no" onload="resizeIframe(this)"

In an html block above I'v defined the resizeIframe method.

<script>
function resizeIframe(iframe) {
  iframe.height = "10px" // required for reducing the size
  iframe.height = iframe.contentWindow.document.body.scrollHeight + "px";
}
</script>

If I remove the part

onload="resizeIframe(this)

from the shortcode I can successfully save the page. With I can't.

I've tried already with disabled plugins and default theme.

Note: See TracTickets for help on using tickets.