Make WordPress Core

Opened 16 months ago

Last modified 15 months ago

#57343 new defect (bug)

HTML in comments is automatically deleted

Reported by: locksoft's profile locksoft Owned by:
Milestone: Awaiting Review Priority: normal
Severity: major Version: 6.1.1
Component: Comments Keywords: needs-testing 2nd-opinion
Focuses: Cc:

Description

If I add a photo, or a class for a link, or something else, they're immediately removed when I save them.

Change History (4)

#1 @kalpeshh
15 months ago

  • Keywords needs-screenshots needs-testing-info added

I have tested this with below HTML and it worked fine.

<a href="https://example.com" class="my_class" > MyLink </a>

Can you please share steps to reproduce?

#2 @locksoft
15 months ago

Hi @kalpeshh,

I discovered that only administrators can add full html tags in comments, and this was the problem: I tried to edit a comment created by an user. WP should be more clear about these limits, or allow a comment to be marked as “administrator” if edited by an administrator.

#3 @kalpeshh
15 months ago

  • Keywords 2nd-opinion added; needs-screenshots needs-testing-info removed

Hi @locksoft, yes with non-admin user css classes are removed by WordPress which should be the case as most of the visitors of your website won't be technical enough to check available CSS classes of your theme and apply these classes in comment.

If you consider a case where they want to use their own CSS class, it is not allowed to either include your own css file or put inline css.

Is there any case you have in mind where you have need for users to out css classes?

#4 @locksoft
15 months ago

It’s ok this limit for normal users. But sometimes, I may have the need to edit some comment and add more stuff, like for example an image or so. I think a comment should allow an administrator to edit it without any limit (in case, even locking out the original poster to edit it, as they lost the ownership).
As it’s now, if I need to do something like that, I have to create a new comment myself and then copy and paste the text from the original one; then manually change the user and email fields (and the op is locked out anyway from editing it).
What I need is that:

1) a normal comment’s ownership is automatically changed when an administrator edits it or
2) have a checkbox or so to assign the comment ownership to an administrator, in case of need.

I hope it’s clear what I mean. :)

Note: See TracTickets for help on using tickets.