Make WordPress Core

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#49289 closed enhancement (duplicate)

Spam comments should not show html preview

Reported by: casiepa's profile casiepa Owned by:
Milestone: Priority: normal
Severity: normal Version: 5.4
Component: Comments Keywords: reporter-feedback
Focuses: Cc:

Description

When hovering over a url to an HTML page in a comment that is in spam (/wp-admin/edit-comments.php?comment_status=spam), the HTML page is trying to be loaded.

I'm not sure it's a good idea to provide extra hits to a page that is probably from a spammer.

Proposal: block all <a> inside td.author and td.comment

Change History (2)

#1 @ocean90
4 years ago

  • Keywords reporter-feedback added

Could it be that you're using Akismet? It adds a preview image of the site next to the URLs. I'm not aware of a "HTML preview" in core by default.

#2 @SergeyBiryukov
4 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Hi there, welcome to WordPress Trac! Thanks for the report.

Indeed, the preview comes from Akismet, not from WordPress core, see #29501 for more details.

Related: #31299.

Last edited 4 years ago by SergeyBiryukov (previous) (diff)
Note: See TracTickets for help on using tickets.