[wp-trac] [WordPress Trac] #24663: esc_url_raw() strips out square brackets in URLs
WordPress Trac
noreply at wordpress.org
Mon Jul 8 21:31:22 UTC 2013
#24663: esc_url_raw() strips out square brackets in URLs
--------------------------+-----------------------
Reporter: thomaswm | Owner:
Type: defect (bug) | Status: reopened
Priority: high | Milestone: 3.6
Component: HTTP | Version: 3.5.2
Severity: major | Resolution:
Keywords: |
--------------------------+-----------------------
Comment (by dd32):
> I wonder if we should actually avoid esc_url_raw() all together here and
let wp_kses_bad_protocol() do the work. dd32?
If wp_kses_bad_protocols() covers all of our bases here, then
esc_url_raw() would be unneeded obviously. It seems that we can probably
get away with not applying the strict URL-contains-bad-entities code which
esc_url_raw() has so it seems like a safe bet.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/24663#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list