Opened 3 years ago
Last modified 3 years ago
#54138 new defect (bug)
wp_strip_all_tags should remove scripts/styles content recursively
Reported by: | wppunk | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Formatting | Keywords: | has-patch |
Focuses: | Cc: |
Description
If we try to run the next code <scri<script></script>pt>alert("krya");</script>
via the wp_strip_all_tags
function it remove the script content only once. So, the next hack allows passing the script content throw the function.
## In details.
First iteration:
- input: `<scri<script></script>pt>alert("krya");</script>
- output:
<script>alert("krya");</script>
Thankfully the strip_tags
removes scripts tags later, but the content is still present.
Change History (2)
Note: See
TracTickets for help on using
tickets.
Remove scripts and styles tags recursively.
Trac ticket: https://core.trac.wordpress.org/ticket/54138#ticket