Opened 17 years ago
Closed 17 years ago
#5533 closed defect (bug) (duplicate)
When rich editor is enabled, post's content is not properly escaped
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | 2.3.1 |
| Component: | General | Keywords: | |
| Focuses: | | Cc: | |
Description
If a user has the unfiltered_html capability and the rich editor is enabled on his profile, the post's content is not properly escaped.
Steps to reproduce the problem:
- Write a new post/page using the "code" view with the following content:
    </textarea><script>alert(123)</script>
- Press "Save and Continue editing" button.
It seems the problem is on line 691 of wp-includes/post.php.
Change History (1)
Fixed for #6449
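The behaviour this ticket describes, as an added example that is not WordPress code and not part of the original ticket: stored content written into an edit form's textarea with and without escaping, then read back the way an HTML parser reads a textarea. The names render_editor() and textarea_value() are hypothetical, and PHP's built-in htmlspecialchars() stands in for whatever escaping the project applies.

```php
<?php
// Added example; render_editor() and textarea_value() are hypothetical names.

// Build the edit form. $escape = false mirrors the behaviour the ticket reports.
function render_editor(string $content, bool $escape): string {
    $body = $escape
        ? htmlspecialchars($content, ENT_QUOTES, 'UTF-8')
        : $content;
    return '<form><textarea name="content">' . $body . '</textarea></form>';
}

// Approximate how an HTML parser reads a textarea: its content ends at the
// first "</textarea" followed by whitespace, "/" or ">", and character
// references inside it are decoded. Returns [value, markup after the close tag].
function textarea_value(string $html): array {
    $start    = stripos($html, '<textarea');
    $open_end = strpos($html, '>', $start) + 1;
    $flags    = ENT_QUOTES | ENT_HTML5;
    if (!preg_match('~</textarea[\s/>]~i', $html, $m, PREG_OFFSET_CAPTURE, $open_end)) {
        // No close tag: everything up to end of input is the value.
        return [html_entity_decode(substr($html, $open_end), $flags, 'UTF-8'), ''];
    }
    $close = $m[0][1];
    $value = html_entity_decode(substr($html, $open_end, $close - $open_end), $flags, 'UTF-8');
    $after = strpos($html, '>', $close) + 1;
    return [$value, substr($html, $after)];
}

// Post content from the ticket's reproduction steps.
$content = '</textarea><script>alert(123)</script>';

foreach ([false, true] as $escape) {
    [$value, $rest] = textarea_value(render_editor($content, $escape));
    printf(
        "escape=%s\n  textarea value equals stored content: %s\n  script element outside textarea: %s\n",
        var_export($escape, true),
        var_export($value === $content, true),
        var_export(stripos($rest, '<script') !== false, true)
    );
}
```

Checking that the textarea value round-trips to the stored content is a useful regression test for any edit form, because it fails both when the content closes the textarea early and when the content is escaped twice.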