angelmoratilla / digressit

Automatically exported from code.google.com/p/digressit

Incompatibility between digress.it and WP-recaptcha #106

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. As a NOT LOGGED IN user click on any post (not page - pages are not 
affected) on a blog with both digress.it and WP-recaptcha installed. 

What is the expected output? What do you see instead?

You would expect the posts to load and be able to read and comment on posts. 

What happens:

In Firefox:
Posts (whether or not they have comments attached) begin to load (a small flash 
of the loaded page is seen) but then the page becomes blank and, according to 
the status bar, the browser attempts to redirect to Google with the text "Read 
google.com". The page never completes loading and the page source remains blank 
making detection of the cause of the error problematic.

At first it seemed that this could be a cross-site scripting (XSS) issue but 
this does not seem to be the case particularly as all posts are affected and no 
spam comments or other dubious input appears to have been published. 

Examining the digress.it page source for both pages and blog posts it appears a 
number of scripts are triggered at the point of loading each post - these are 
to do with creating the digress.it comments menus but may also be part of the 
reason for the incompatibility/error.

The additional reason for doubting an XSS issue is that the problem appears 
differently in Internet Explorer:

In Internet Explorer:

Posts (whether or not they have comments) appear to load correctly but the 
status bar shows the yellow triangle and accompanying "error!" message. Once 
this is clicked the browser reports that there is an unexpected character at a 
very high line number (around line 650000 or similar) which is significantly 
inconsistent with the amount of data in the post being viewed and the number of 
lines that appear on screen. 

What version of the product are you using? On what operating system?
- WordPress version: 3.0.4 (current version inc. recent security patch)
- Digress.it plugin version: 2.3.2 
- WP-recaptcha plugin version: 2.9.8.2 

Please provide any additional information below.

This problem does not affect pages. It is only viewable if you are not logged 
in to the blog. Logged in users encounter no error. 

We have found that we can resolve the issue of the pages loading incorrectly by 
deactivating the WP-recaptcha plugin for the blog affected. This is, however, a 
problematic fix as it opens up the blog for potential spam comments (causing 
additional moderation work and potential vulnerability to attack). 

The blog on which this problem occurred also uses the More Privacy Options 
plugin and is set to be public. There does not appear to be any problematic 
interplay between digress.it and this plugin but, for reference, the privacy 
level for this blog is:
"I would like my site to be visible to everyone, including search engines (like 
Google, Bing, Technorati) and archivers". 

We are happy to provide any further information that may help resolve this 
issue. 

Many thanks, 

Nicola Osborne, 
EDINA Social Media Officer

Original issue reported on code.google.com by nkl.osbo...@gmail.com on 12 Jan 2011 at 11:27

GoogleCodeExporter commented 8 years ago
Thank you for the report. I am looking into this right now.

Original comment by eddie.tejeda on 18 Jan 2011 at 10:22

GoogleCodeExporter commented 8 years ago

Original comment by eddie.tejeda on 18 Jan 2011 at 10:22

GoogleCodeExporter commented 8 years ago

Original comment by eddie.tejeda on 22 Feb 2011 at 10:57

GoogleCodeExporter commented 8 years ago

Original comment by eddie.tejeda on 25 May 2011 at 6:20