Make WordPress Core

Opened 14 years ago

Closed 14 years ago

Last modified 14 years ago

#5475 closed defect (bug) (invalid)

Admins not filtered

Reported by: Aen Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.3.1
Component: General Keywords:
Focuses: Cc:


Tested on a default WP2.3.1 installation, with the default and a few other themes. No commenting plugin installed. Just fresh and new.

Submitting <textarea> and <input> in comments, the actual html elements show up. Ugly and probably a security risk?

You can see an example at

Change History (2)

#1 @Aen
14 years ago

  • Resolution set to invalid
  • Status changed from new to closed
  • Summary changed from [Allowed HTML tags] Textareas and Inputs allowed to Admins not filtered

I realized I was posting as admin and thus I was not subjected to filtering. The tags are not allowed when I'm posting as non-admin.

#2 @ionfish
14 years ago

  • Milestone 2.3.2 deleted
Note: See TracTickets for help on using tickets.