[wp-trac] [WordPress Trac] #22549: Sanitize embedded external URLs
WordPress Trac
noreply at wordpress.org
Fri Nov 23 00:19:01 UTC 2012
#22549: Sanitize embedded external URLs
-----------------------------+-------------------------
Reporter: johnbillion | Type: enhancement
Status: new | Priority: normal
Milestone: Awaiting Review | Component: Media
Version: trunk | Severity: minor
Keywords: |
-----------------------------+-------------------------
When you go to embed an external URL via the 'Embed From URL' tab in the
new media modal, the URL is inserted as-is.
The user in [http://make.wordpress.org/ui/2012/11/14/to-change-things-
up-i-tested-a-different/ this recent user interaction test by lessbloat]
pasted a URL into this box without overwriting the 'http://' placeholder
and ended up with a mangled URL. Before inserting it into the post the URL
should be sanitized via an AJAX call that runs it through `esc_url_raw()`.
Related: #22548
--
Ticket URL: <http://core.trac.wordpress.org/ticket/22549>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list