Make WordPress Core

Opened 10 years ago

Closed 10 years ago

#5796 closed defect (bug) (fixed)

Viewing a post in HTML editing mode results in entity encoded html being non-encoded

Reported by: DD32
Owned by:
Milestone: 2.5
Priority: normal
Severity: normal
Version: 2.5
Component: TinyMCE
Keywords: has-patch tested
Focuses:
Cc:


Steps to reproduce:

  1. Create a new post in the Visual Editor, enter some text, and include some HTML in the Visual view (that you expect to be visible in the blog post as entity-encoded)
  2. Switch to HTML view, notice that the HTML is entity encoded as expected
  3. Save the post (you can replace the above steps with editing a previous post with HTML in it too, as long as WordPress will default to opening in the HTML mode)
  4. WordPress remembers that you prefer the HTML mode, and loads up in that mode. Notice the HTML is no longer encoded
  5. Switch back to the Visual editor, notice that now the previously entity-encoded HTML is being treated as inline HTML, i.e. <a href="">link</a> shown in the visual editor will now appear as a link.
  6. Saving the post now will result in the HTML being posted as HTML, rather than entity-encoded HTML

In both cases WordPress prints the code the same: (Mind you, HTML mode doesn't have the <p> tags)

<textarea class='' rows='25' cols='40' name='content' tabindex='2' id='content'><p>This is an example of HTML</p>
<p>&amp;lt;a href="Testty"&amp;gt;Test Link&amp;lt;/a&amp;gt;</p>

Attachments (2)

5796.diff (685 bytes) - added by DD32 10 years ago.
escape.diff (1.0 KB) - added by andy 10 years ago.

Change History (8)

#1 @ffemtcj
10 years ago

  • Cc ffemtcj added

#2 @DD32
10 years ago

  • Keywords has-patch needs-testing added; needs-patch removed

Not sure if htmlspecialchars() or htmlentities() should be used.

This function [htmlentities()] is identical to htmlspecialchars() in all ways, except with htmlentities(), all characters which have HTML character entity equivalents are translated into these entities. - http://au2.php.net/manual/en/function.htmlentities.php

#3 @ffemtcj
10 years ago

  • Keywords tested added; needs-testing removed

Works fine

#4 @lloydbudd
10 years ago

  • Milestone changed from 2.6 to 2.5

#5 @andy
10 years ago

Added a patch that does basically the same thing, plus ENT_NOQUOTES and a filter.

#6 @ryan
10 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [6767]) htmlspecialchars when loading content into html editor. Props DD32 and andy. fixes #5796
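
The behaviour reported in this ticket and the effect of escaping on load, as an added example that is not the attached patches or WordPress code. The function names are hypothetical, the sample post is constructed, and html_entity_decode() stands in for the single round of character-reference decoding a browser applies to text inside a textarea.

```php
<?php
// Added illustration; function names are hypothetical, not WordPress APIs.

// Approximates how a browser reads text placed inside <textarea>:
// character references are decoded once, tags are not parsed.
function browser_textarea_value(string $emitted): string {
    return html_entity_decode($emitted, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// 'Before': stored post content is written into the textarea unchanged.
function emit_raw(string $stored): string {
    return $stored;
}

// 'After': escape once for the HTML context when loading the editor.
// ENT_NOQUOTES leaves " and ' untouched, which is acceptable here only
// because the value is element content and not an attribute value.
function emit_escaped(string $stored): string {
    return htmlspecialchars($stored, ENT_NOQUOTES, 'UTF-8');
}

// True when what the editor shows is exactly what is stored, so that
// saving without changes cannot alter the post.
function round_trips(string $stored, callable $emit): bool {
    return browser_textarea_value($emit($stored)) === $stored;
}

// Constructed sample: the author wants the link displayed as literal text,
// so the stored content carries it entity-encoded.
$stored = '<p>&lt;a href="Testty"&gt;Test Link&lt;/a&gt;</p>';

// Raw output: the browser removes the entity layer, the editor holds a
// live <a> element, and saving stores markup instead of text.
echo "raw editor value:     ", browser_textarea_value(emit_raw($stored)), "\n";
var_dump(round_trips($stored, 'emit_raw'));

// Escaped output: the browser's decoding undoes the escaping exactly once,
// so the editor holds the stored content byte for byte.
echo "escaped editor value: ", browser_textarea_value(emit_escaped($stored)), "\n";
var_dump(round_trips($stored, 'emit_escaped'));
```

The same round-trip check can be used as a regression test for any code path that loads stored markup into a textarea.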
