Opened 11 months ago
Last modified 10 months ago
#60191 new defect (bug)
Ampersand in non-entities such as &a; is not escaped
Reported by: | superpoincare | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Formatting | Keywords: | |
Focuses: | Cc: |
Description
Wordpress escapes ampersand as &
in many places.
It checks if the ampersand is part of any entity before conversion, as the ampersand in an entity shouldn't be escaped. However the regex also passes things such as &a;
which is not an entity, and wrongly doesn't convert the ampersand there.
To correct that it has to be checked if the pattern matched is really an entity. Which can be done by using something like html_entity_decode and the decode for an entity would be different from the original string.
The block editor somehow right checks and prevents strings such as &a;
to pass but older posts and something inserted by plugins will have this bug.
Note: See
TracTickets for help on using
tickets.