[wp-trac] [WordPress Trac] #56726: Editor can't save <script> tag in post content
WordPress Trac
noreply at wordpress.org
Wed Oct 5 01:35:20 UTC 2022
#56726: Editor can't save <script> tag in post content
------------------------------+----------------------
 Reporter:  yauheninikifarau  |       Owner:  (none)
     Type:  feature request   |      Status:  closed
 Priority:  normal            |   Milestone:
Component:  Security          |     Version:
 Severity:  normal            |  Resolution:  wontfix
 Keywords:                    |     Focuses:
------------------------------+----------------------
Changes (by peterwilsoncc):

 * status: new => closed
 * resolution: => wontfix
 * component: Editor => Security
 * milestone: Awaiting Review =>

Comment:

Hi @yauheninikifarau and welcome to trac.

On a standard WordPress install, both Editors and Administrators are
permitted to post `<script>` tags as they have permission to post
unfiltered HTML. See the `unfiltered_html` capability detailed in
[https://wordpress.org/support/article/roles-and-capabilities/ the roles
and capabilities documentation].

It is possible for plugins or a setting in wp-config.php to prevent these
users from posting unfiltered HTML.

On a Multisite install, only super-admins can post unfiltered HTML. Again,
there are plugins that will allow users with lower permissions (such as
editors and administrators of sub-sites) to post any tags they wish.

For Multisite installs, there are security reasons that the editors and
administrators aren't permitted to post unfiltered HTML by default so
adding an option to do so is not something the team is able to do. It
remains plugin territory.

If you are seeing this on a standard/single site install, you may wish to
review your plugins or settings to see why editors are unable to use
unfiltered HTML.

As the current settings are considered an acceptable compromise and
already configurable via wp-config or plugins, I am going to close this
ticket as won't fix.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56726#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
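
An added example, not part of the original message and not WordPress core code: an audit script that reports which roles and accounts can effectively save unfiltered HTML on a site, and shows what the content filter does to a `<script>` tag for everyone else. It assumes WordPress is loaded (for instance via `wp eval-file`), that the wp-config.php setting referred to above is the `DISALLOW_UNFILTERED_HTML` constant, and the function name `gr_audit_unfiltered_html()` and the sample post content are constructed for illustration.

```php
<?php
/**
 * Added example: audit who can post unfiltered HTML (e.g. <script> tags).
 * Assumes a loaded WordPress environment; gr_audit_unfiltered_html() is a
 * hypothetical helper name, not a core function.
 */
function gr_audit_unfiltered_html() {
    $report = array(
        // wp-config.php switch that denies the capability to every user.
        'disallow_constant' => defined( 'DISALLOW_UNFILTERED_HTML' ) && DISALLOW_UNFILTERED_HTML,
        'multisite'         => is_multisite(),
        'roles_with_cap'    => array(),
        'users_with_cap'    => array(),
    );

    // Roles whose stored capability list includes unfiltered_html.
    foreach ( wp_roles()->role_objects as $name => $role ) {
        if ( $role->has_cap( 'unfiltered_html' ) ) {
            $report['roles_with_cap'][] = $name;
        }
    }

    // Effective per-user check: user_can() goes through core's capability
    // mapping, so the constant, the Multisite super-admin rule and any
    // plugin filters are all reflected in the answer.
    $users = get_users( array( 'fields' => array( 'ID', 'user_login' ) ) );
    foreach ( $users as $user ) {
        if ( user_can( (int) $user->ID, 'unfiltered_html' ) ) {
            $report['users_with_cap'][] = $user->user_login;
        }
    }

    return $report;
}

$report = gr_audit_unfiltered_html();
printf( "DISALLOW_UNFILTERED_HTML set: %s\n", $report['disallow_constant'] ? 'yes' : 'no' );
printf( "Multisite: %s\n", $report['multisite'] ? 'yes' : 'no' );
printf( "Roles granting unfiltered_html: %s\n", implode( ', ', $report['roles_with_cap'] ) );
printf( "Users who can effectively use it: %s\n", implode( ', ', $report['users_with_cap'] ) );

// Constructed sample content: what a user WITHOUT the capability ends up
// saving, since their post content is passed through the kses post filter
// and the <script> element is not on the allowed list.
$sample = '<p>Hello</p><script>console.log("demo")</script>';
printf( "Filtered sample: %s\n", wp_kses_post( $sample ) );
```

A role listed in the first line but absent from the per-user list points at the constant, Multisite, or a plugin overriding the role's stored capability.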