dsgsdg206050 2016-05-04 16:39

WordPress inline JavaScript unescape

Ok, so I have a feed which is used to create posts on WordPress.

At the bottom of the content tag, there is a simple Google Analytics script which sends a page view to Google. This all works fine when there isn't an "'" in the title tag but when there is an "'" it gets unescaped.

The feed pipes down this:

<script type="text/javascript"><!--
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-XXXXXXXX', 'auto', {'name': 'feed'});
ga('feed.set', 'referrer', location.origin);
ga('feed.send', 'pageview', { 'location': location.href, 'page': (location.pathname + location.search + location.hash), 'title': 'This is my title \'with an \' in it'});
//--></script>

Which gets changed to this:

<script type="text/javascript"><!--
    (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
    ga('create', 'UA-XXXXXXXX', 'auto', {'name': 'feed'});
    ga('feed.set', 'referrer', location.origin);
    ga('feed.send', 'pageview', { 'location': location.href, 'page': (location.pathname + location.search + location.hash), 'title': 'This is my title 'with an ' in it'});
    //--></script>

Which obviously causes me a syntax error because of the title string.

I have kses set to allow script tags, and I can manually add in the escape character to the JavaScript string in the WordPress content editor.

I have also added a small debugger to the wp_insert_post() method which shows that the content is fine prior to the insert statement after being sanitized etc. But then straight after the save it is changed?

Is there a default after content save filter which could be causing me this issue?

Thanks in advance
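
A reproduction of the symptom described in the question, together with one way for the feed to emit the title so that backslash stripping cannot break the script. This is an added example, not part of the original post; it assumes the save step behaves like PHP's stripslashes(), and the helper names (stripSlashes, parses, backslashLiteral, percentLiteral, pageviewCall) are hypothetical.

```javascript
// Added example. Assumption: the save step strips backslashes roughly the way
// PHP's stripslashes() does, which matches the before/after in the question.

// Approximates stripslashes(): "\x" becomes "x", "\\" becomes "\".
function stripSlashes(s) {
  return s.replace(/\\(.?)/g, (_, ch) => ch);
}

// Parse-only check: new Function() compiles the body without running it.
function parses(js) {
  try { new Function(js); return true; } catch (e) { return false; }
}

// Feed-side escaping as in the question: a backslash before each quote.
function backslashLiteral(title) {
  return "'" + title.replace(/\\/g, "\\\\").replace(/'/g, "\\'") + "'";
}

// Alternative: percent-encode so the emitted expression contains no backslash
// and no quote from the title. encodeURIComponent leaves ' unescaped, so it
// is encoded explicitly. "<" and "/" are encoded too, so a title containing
// "</script>" cannot close the inline script element.
function percentLiteral(title) {
  const enc = encodeURIComponent(title).replace(/'/g, "%27");
  return "decodeURIComponent('" + enc + "')";
}

// The pageview call from the question, reduced to the title field.
function pageviewCall(titleExpr) {
  return "ga('feed.send', 'pageview', {'title': " + titleExpr + "});";
}

const sampleTitle = "This is my title 'with an ' in it"; // constructed sample
const escapedCall = pageviewCall(backslashLiteral(sampleTitle));
const encodedCall = pageviewCall(percentLiteral(sampleTitle));

console.log(parses(escapedCall), parses(stripSlashes(escapedCall))); // true false
console.log(parses(encodedCall), parses(stripSlashes(encodedCall))); // true true
```
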
