[wp-trac] [WordPress Trac] #26569: URLs exported to JavaScript in Customizer settings get double-encoded
WordPress Trac
noreply at wordpress.org
Thu Dec 12 10:53:19 UTC 2013
#26569: URLs exported to JavaScript in Customizer settings get double-encoded
--------------------------+-----------------------------
Reporter: westonruter | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Appearance | Version: 3.4
Severity: normal | Keywords:
--------------------------+-----------------------------
The Customizer currently fails to load URLs into the preview if they
contains multiple query parameters.
For example, to preview in Customizer this URL: `http://src.wordpress-
develop.dev/?foo=bar&bar=baz`
One would navigate to: `http://src.wordpress-develop.dev/wp-
admin/customize.php?url=http%3A%2F%2Fsrc.wordpress-
develop.dev%2F%3Ffoo%3Dbar%26bar%3Dbaz`
Upon loading up the customizer, however, you may inspect the
`wp.customize.settings.url.preview` in the browser console and see that
its value is: `http://src.wordpress-develop.dev/?foo=bar&bar=baz`
Notice how the `&` gets HTML-escaped. This is because customize.php is
using `esc_url` for values being added to an array which is exported to
JavaScript via `json_encode`. Instead of `esc_url`, the `esc_url_raw`
function should be used instead.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/26569>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list