[wp-trac] [WordPress Trac] #57343: HTML in comments is automatically deleted
WordPress Trac
noreply at wordpress.org
Wed Aug 13 15:31:46 UTC 2025
#57343: HTML in comments is automatically deleted
--------------------------+------------------------------
Reporter: locksoft | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Comments | Version: 6.1.1
Severity: major | Resolution:
Keywords: 2nd-opinion | Focuses:
--------------------------+------------------------------
Changes (by mindctrl):
* keywords: needs-testing 2nd-opinion => 2nd-opinion
Comment:
Hi @locksoft, welcome to Trac.
I was able to confirm your report. To clarify the situation:
Non-admin users cannot post certain HTML in comments, such as the class
attribute you mentioned. This is intentional. However, if an admin user
edits the comment, and adds some of the HTML that would be stripped out
for non-admin users, the HTML is still stripped out when the admin saves
it.
This is due to the comment being passed through `wp_update_comment()`,
which checks the comment's user ID instead of the current user ID editing
the comment. Reference: https://github.com/WordPress/wordpress-
develop/blob/94cab031c85eaf86e5e6975421359b0be3b994b7/src/wp-
includes/comment.php#L2570-L2577
I can see the value in your argument for allowing admins to exercise their
user capabilities on comments by other users, but I don't have a complete
picture in my head of what other impacts that might have, or if there is
sufficient interest in changing the current behavior for the core team to
take this on. Requesting a second opinion.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57343#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list