Make WordPress Core

Opened 8 years ago

Closed 7 years ago

#5533 closed defect (bug) (duplicate)

When rich editor is enabled, post's content is not properly escaped

Reported by: xknown Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.3.1
Component: General Keywords:
Focuses: Cc:


If an user has unfiltered_html capability and rich editor is enabled on his profile, post's content is not properly escaped.

Steps to reproduce the problem:

  1. Write a new post/page using the "code" view with the following content </textarea><script>alert(123)</script>
  2. Press "Save and Continue editing" button.

It seems the problem is on line 691 of wp-includes/post.php.

Change History (1)

comment:1 @ryan7 years ago

  • Milestone 2.6 deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Fixed for #6449

Note: See TracTickets for help on using tickets.