Make WordPress Core

Opened 2 years ago

Last modified 2 years ago

#55714 new defect (bug)

& stored as & for Post Title and Excerpt in Editor

Reported by: kapilpaul's profile kapilpaul Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Editor Keywords: has-testing-info
Focuses: Cc:



When an Author/other user(who have Create post permission) creates a post and add a post title as Hello & Welcome to WordPress after save the post the post title is stored as Hello & Welcome to WordPress in DB. As this is stored like this it is showing same in the editor. This is happening with Excerpt also.

NB: This is not happening with Admin user or if you are using Gutenberg Editor.

Reproduce Steps:

  1. Disable your gutenberg editor and enable classic editor.
  2. Logged in as an Author.
  3. Switch to a non block based theme. (skip if your theme is not block based)
  4. Go to Post > Add New
  5. Add Post Title, Excerpt as Hello & Welcome to WordPress
  6. Save Post
  7. You will see Hello & Welcome to WordPress as title

Change History (3)

#1 @costdev
2 years ago

  • Version trunk deleted

Removing trunk as the Version as I also reproduced this in WordPress 4.8. This may have been occurring for longer though, I just haven't tested less than 4.8.

#2 @costdev
2 years ago

  • Keywords has-testing-info added

#3 @kapilpaul
2 years ago

There is a security concern while storing the title in DB.
So can we do one thing here, just decode the html entity while displaying in editor?
if that something make sense. so that we do not need work on the existing implementation.

Note: See TracTickets for help on using tickets.