Make WordPress Core

Opened 22 months ago

Last modified 22 months ago

#55714 new defect (bug)

& stored as &amp; for Post Title and Excerpt in Editor

Reported by: kapilpaul
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version:
Component: Editor
Keywords: has-testing-info
Focuses:
Cc:

Description

Hi,

When an Author or other user (who has the Create post permission) creates a post and adds a post title such as Hello & Welcome to WordPress, after saving the post the post title is stored as Hello &amp; Welcome to WordPress in the DB. As it is stored like this, it shows the same in the editor. This is happening with the Excerpt also.

NB: This does not happen with an Admin user or if you are using the Gutenberg editor.

Reproduce Steps:

  1. Disable the Gutenberg editor and enable the Classic Editor.
  2. Log in as an Author.
  3. Switch to a non block based theme. (skip if your theme is not block based)
  4. Go to Post > Add New
  5. Add Post Title, Excerpt as Hello & Welcome to WordPress
  6. Save Post
  7. You will see Hello &amp; Welcome to WordPress as the title

Change History (3)

#1 @costdev
22 months ago

  • Version trunk deleted

Removing trunk as the Version, as I also reproduced this in WordPress 4.8. This may have been occurring for longer though; I just haven't tested versions earlier than 4.8.

#2 @costdev
22 months ago

  • Keywords has-testing-info added

#3 @kapilpaul
22 months ago

There is a security concern when storing the title in the DB.
So can we do one thing here: just decode the HTML entity when displaying it in the editor,
if that makes sense, so that we do not need to work on the existing implementation?
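
The suggestion in comment #3, sketched as an added example in plain PHP (not WordPress core code and not written by the ticket's participants): the stored value stays encoded, and the edit form decodes it once and re-escapes it for the attribute it is printed into. The function names, the sample titles and the double-escape shown for contrast are assumptions made for illustration.

```php
<?php
// Added illustration in plain PHP; not WordPress core code.
// store_title(), double_encoded() and title_for_editor() are hypothetical names.

const FLAGS = ENT_QUOTES | ENT_HTML5;

// Stand-in for the storage step the ticket describes: special characters
// reach the database as entities ("&" becomes "&amp;").
function store_title(string $raw): string {
    return htmlspecialchars($raw, FLAGS, 'UTF-8');
}

// For contrast (an assumed cause, not confirmed on the page): escaping the
// stored value again without decoding makes the entity visible in the field.
function double_encoded(string $stored): string {
    return htmlspecialchars($stored, FLAGS, 'UTF-8');
}

// The proposal: decode one level for editing, then escape for the
// attribute context so decoded markup or quotes cannot break out of it.
function title_for_editor(string $stored): string {
    $plain = html_entity_decode($stored, FLAGS, 'UTF-8');
    return htmlspecialchars($plain, FLAGS, 'UTF-8');
}

// Constructed sample titles.
$titles = [
    'Hello & Welcome to WordPress',
    'Tom "T" <b>Jones</b>',
    'Literal &amp; typed by the user',
];

foreach ($titles as $raw) {
    $stored = store_title($raw);
    $field  = title_for_editor($stored);
    // A browser decodes the attribute value once before showing it.
    $shown  = html_entity_decode($field, FLAGS, 'UTF-8');

    printf("raw    : %s\n", $raw);
    printf("stored : %s\n", $stored);
    printf("double : value=\"%s\"\n", double_encoded($stored));
    printf("editor : value=\"%s\"\n", $field);
    printf("round-trip ok: %s\n\n", $shown === $raw ? 'yes' : 'no');
}
```

Decoding without the second escape would put raw quotes and angle brackets from the title into the form markup, which is why the two calls stay together in `title_for_editor()`.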
