Bug: Post titles not properly HTML-escaped
-
Apparently there isn’t a legitimate bug tracker for the WordPress software, so I have to post on the forum?
Anyway…
If you post a blog post with HTML characters (specifically, < [`&lt;`] and > [`&gt;`]) in the title, WordPress does not escape them. Rather, they (and any text in between them) are simply eliminated. For example, I wanted to blog about HTML5’s <video> tag. Instead, WordPress made me blog about HTML5’s “ ”. Yes, a space. To work around the problem, I specifically typed in `&lt;` and `&gt;` in the title.
However, when I later used Quick Edit to add more categories and tags and whatnot, WordPress apparently converted those HTML entities back into plain text, and then properly made them disappear again.
This is quite an annoying predicament.
-
You need to contact staff directly with such problems: http://support.wordpress.COM/contact/ .
-
Wow. This forum is pretty bad, too. I have to double-escape the entities?!
`&lt;` and `&gt;` is what I had to use as my workaround.
-
Allowed markup: a blockquote code em strong ul ol li.
You can also put code in between backtick ( ` ) characters.
-
@thesacredpath Done. Thanks for the tip.
@raincoaster Your point? I wasn’t attempting to add any HTML or any other code to that post.
-
(Sorry, I’m just annoyed about having to waste my time with such petty things as improperly escaped HTML.)
-
Sorry, a quick skim led me to believe you’d lost some code.
And basically, for bugs the procedure is to scan the forum and see if anyone else has reported it, then report it to staff. Sometimes it’s a known issue, sometimes you’re the first one to report it.
-
I’m sure there are reasons that staff has done things the way they have. You will have to discuss it with them though.
-
-
gphemsley, it sounds like you’re using the HTML editor, not the visual editor.
If you’re using the HTML editor WordPress will assume any tags or other HTML special characters you write are intended to be HTML markup – that is, it assumes your <video> tag was supposed to be an embedded video.
If you’re using the visual editor WordPress will escape any tags or special characters you write – that is, it assumes your <video> tag is supposed to be displayed as the text <video>.
In both cases, the end result will be filtered to remove any HTML tags that are disallowed for security reasons. The video tag is stripped because it’s not a valid XHTML 1.0 tag.
In short: if you use the visual editor things will work as you expect. Use the HTML editor if you want to write markup and escape characters by hand. QuickPress uses the HTML editor I believe.
-
@tellyworth If I were referring to the body of the post, all of that would be true. However, I’m referring to the title of the post. There’s only one way to edit that.
-
@gphemsley The reason your <video> HTML code is stripped from the title is because it isn’t in the allowed HTML list. The same thing happens when you use code that isn’t allowed in the body of your post, it gets stripped out.
The software doesn’t know that you wanted to display the HTML code instead of using it as HTML. You’ll have to escape the code on your own if you want it to display.
-
- The topic ‘Bug: Post titles not properly HTML-escaped’ is closed to new replies.
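
The two behaviours discussed in this thread, as an added sketch that is not part of the thread and is not WordPress's code: stripping disallowed tags from a title versus escaping them for display, and how hand-typed entities can be lost when an edit form decodes them before the title is saved again. The allowlist, the function names and the cause modelled in `edit_form_value` are assumptions made for illustration.

```python
import html
import re

# Hypothetical allowlist for this sketch; not WordPress's real title allowlist.
ALLOWED_TAGS = {"em", "strong", "code"}
TAG_RE = re.compile(r"</?([A-Za-z][A-Za-z0-9]*)\b[^<>]*>")


def strip_disallowed(title: str) -> str:
    """Sanitize by removal: delete any tag whose name is not allowlisted.
    (A regex is enough for this illustration; it is not a real sanitizer.)"""
    return TAG_RE.sub(
        lambda m: m.group(0) if m.group(1).lower() in ALLOWED_TAGS else "",
        title,
    )


def escape_for_display(title: str) -> str:
    """Encode for output: keep every character and render markup as text."""
    return html.escape(title, quote=True)


def save_title(submitted: str) -> str:
    """Models a save path that treats the title as markup and strips it."""
    return strip_disallowed(submitted)


def edit_form_value(stored: str, reencode: bool) -> str:
    """Text the author gets back in an edit box and re-submits unchanged.

    A browser decodes entities in a form value once. If the stored title is
    written into the form without being encoded again (reencode=False), the
    stored entities turn back into raw angle brackets.
    """
    attr = html.escape(stored, quote=True) if reencode else stored
    return html.unescape(attr)  # browser-side decoding of the form value


def round_trip(stored: str, reencode: bool) -> str:
    """Open the stored title in an edit form and save it again."""
    return save_title(edit_form_value(stored, reencode))


if __name__ == "__main__":
    raw = "The <video> tag"               # constructed sample title
    workaround = "The &lt;video&gt; tag"  # constructed: entities typed by hand
    print(repr(save_title(raw)))                         # tag removed
    print(repr(escape_for_display(raw)))                 # tag kept as text
    print(repr(round_trip(workaround, reencode=False)))  # tag lost on re-save
    print(repr(round_trip(workaround, reencode=True)))   # entities survive
```
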