When rich editor is enabled, post's content is not properly escaped
Reported by: xknown
If a user has the unfiltered_html capability and the rich editor is enabled on his profile, the post's content is not properly escaped.
Steps to reproduce the problem:
- Write a new post/page using the "code" view with the following content: </textarea><script>alert(123)</script>
- Press the "Save and Continue editing" button.
It seems the problem is on line 691 of wp-includes/post.php.
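The failure mode reported above, shown as an added example that is not part of the ticket and is not WordPress code: content echoed into a `<textarea>` without HTML-escaping lets a literal `</textarea>` end the element early. The function names are hypothetical; only the test string comes from the ticket.

```php
<?php
// Added example (not WordPress code); all function names are hypothetical.

// Unescaped form: raw content is placed inside the <textarea>, so a literal
// "</textarea>" in the content closes the element and the rest is parsed as markup.
function render_editor_unescaped(string $content): string {
    return '<textarea name="content">' . $content . '</textarea>';
}

// Escaped form: HTML metacharacters are encoded for the element's text context.
function escape_for_textarea(string $content): string {
    return htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_editor_escaped(string $content): string {
    return '<textarea name="content">' . escape_for_textarea($content) . '</textarea>';
}

// Simple check on the generated markup: a correctly escaped editor field
// contains exactly one closing textarea tag and no script start tag.
function audit(string $html): array {
    return [
        'textarea_closes' => substr_count(strtolower($html), '</textarea'),
        'script_tag'      => stripos($html, '<script') !== false,
    ];
}

// Escaping must not change what the user gets back: the browser decodes the
// entities when it fills the textarea, so the original text is submitted again.
function round_trips(string $content): bool {
    $decoded = html_entity_decode(escape_for_textarea($content), ENT_QUOTES, 'UTF-8');
    return $decoded === $content;
}

$content = '</textarea><script>alert(123)</script>'; // test string from the ticket

foreach (['render_editor_unescaped', 'render_editor_escaped'] as $fn) {
    $r = audit($fn($content));
    printf("%-24s textarea_closes=%d script_tag=%s\n",
        $fn, $r['textarea_closes'], $r['script_tag'] ? 'yes' : 'no');
}
printf("round trip preserved: %s\n", round_trips($content) ? 'yes' : 'no');
```

The escaped form still lets a user with unfiltered_html save the markup unchanged; only the copy rendered back into the editing form is encoded.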