-
AuthorPosts
-
September 8, 2022 at 9:35 pm #11607WebMParticipant
Hi Aakash,
Fabulous plugin. Relying heavily on it for several sites.
I now encountered an issue on one site that doesn’t happen on another.The normal html format coding <div class=”wrap1″>,
is suddenly replaced by the character entity version: <div class="wrap1">
throughout the short code (even for former shortcodes that didn’t use to suffer from this).Both sites are up to date with latest version 6.0 and the incriminated site used to work perfectly without issues. I see no setting to manage this.
Kindly advise, Best. WebM
September 8, 2022 at 9:41 pm #11608WebMParticipantSorry the entity version is converted and displays as normal code in my orginal submission.
I trust you understand what I meant.
& lt; article class= & quot; wrap1 & quot; & gt;September 8, 2022 at 10:58 pm #11610Aakash ChakravarthyKeymasterHi there,
Thanks for using shortcoder plugin.
This is not expected. It means the plugin is broken.
I haven’t heard any report similar to this.
Do you mean if I set the content as
<div class=”wrap1″>
it is escaped on the output?1) Can you please share a screenshot of the shortcode edit page and the page URL where the shortcode is inserted?
2) can you please confirm if the user editing the the content has admin role?
Thanks,
AakashOctober 6, 2022 at 2:00 pm #11794dengeralParticipantHi Aakash,
I can confirm the above report. When using the code editor, there an issue with html entities encoding. Here is how it goes:
Hello to you & the "World"
is your initial input
Hello to you & the "World"e;
is what you get after saving
Hello to you &amp; the &quot;World&quote;
is what you get after updateUsing the text editor is my current workaround.
Before version 6.0, the code editor was looking like the text editor for us, and we had never care about it. I don’t know if it’s related, but we use the Classic editor plugin for other posts, in order to not have a visual editor.Hope this helps.
October 7, 2022 at 1:01 am #11800Aakash ChakravarthyKeymasterHi @dengeral,
Thanks for reporting. But I was unable to reproduce the issue with the examples you shared. Please see image below.
Can you please check if the user has “unfiltered_html” capability?
My guess is there is some plugin related to security or formatting tapping the content inbetween and making the modification like this. If you can try after disabling a potential plugin then that would be helpful.
I looked at the code and there are no clue. In v6.0 changes were done to filter out dangerous HTML if user does not have unfiltered_html capability.
Any clue on this would be helpful.
Thanks,
AakashOctober 7, 2022 at 1:37 pm #11815dengeralParticipantHi @admin,
To be sure we are on the same page, here is our experience:
I am using an administrator role on a single-site WP 6.0.2, so the unfiltered_html capability is normally allowed. And we were using shortcoder before without issue. That’s the upgrade to version 6, which has raised the issue, and my awareness that there is a code and a text editor. For existing shortcodes before upgrade, the content is messed up as soon as we open them, so indeed, that’s at opening time that the content is changed, and only if the code editor is the editor of the shortcode. My actual workaround is to update the _sc_editor metadata in the database to text for those.
We don’t use any special security related plugin, and I have checked our plugin list, tried to deactive some that I thought could be suspicious, like Classic Editor or HTML Editor Syntax Highlighter, and I still experience the same issue. Other plugins are really unrelated since they are frontend only.
When you say that version 6 filter dangerous HTML for users without unfiltered_html capability, does that include escaping ampersands ? In the hypothesis we are suffering from that, there is still a loop issue in such a prevention filter if it escapes
&
into&amp;
at each opening of the shortcode.I am sorry to not have better clues. Let me know if I can help further.
-
AuthorPosts
- You must be logged in to reply to this topic.