The article shouldn't get saved with the script tag.
The article getting saved with the script tag and the script is getting executed on user side.
PHP 7.2
Joomla 4.0.0-alpha12-dev
Let's ask the experts @zero-24 @SniperSister.
Status | New | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2019-12-12 07:54:30 |
Closed_By | ⇒ | joomla-cms-bot |
Status | Closed | ⇒ | Expected Behaviour |
Closed_By | joomla-cms-bot | ⇒ | alikon |
Set to "closed" on behalf of @alikon by The JTracker Application at issues.joomla.org/joomla-cms/27196
expected behaviour
As far as I can tell, this only bypasses editor's client-side validation. If I had to guess you did this as a Super User and Super Users are actually allowed to insert Javascript in editor text by default (regarding server-side filtering).
I also tried this as Editor and it saved only
<svg />
. So server-side filtering seems to work fine.