[wp-trac] [WordPress Trac] #40741: Script tag accepting in comment section so we can break the page using script tag.

WordPress Trac noreply at wordpress.org
Fri May 12 06:05:40 UTC 2017


#40741: Script tag accepting in comment section so we can break the page using
script tag.
--------------------------+-----------------------------
 Reporter:  jitheshkk     |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Security      |    Version:
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 Script tags are accepted in the comment box. Here is an example: I placed
 the code below in the comment box and submitted it, and then the page goes
 blank. Here is my code:
 <!-- Code comment --!>
 <script>
 console.log('test');
 document.body.innerHTML ='';
 </script>

--
Ticket URL: <https://core.trac.wordpress.org/ticket/40741>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

