[wp-trac] [WordPress Trac] #46316: wp_targeted_link_rel corrupts JSON content
WordPress Trac
noreply at wordpress.org
Fri Feb 22 12:41:30 UTC 2019
#46316: wp_targeted_link_rel corrupts JSON content
--------------------------+-----------------------------
Reporter: TobiasBg | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Formatting | Version: 5.1
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
In [43732], via #43187, a `wp_targeted_link_rel` callback was added to
filter content before it's saved to the database.
This has broken and [https://wordpress.org/support/topic/wp-5-1-support/
corrupted] JSON data in the TablePress plugin. (TablePress uses a CPT in
which it stores a JSON-encoded two-dimensional array.)
If a cell of that array contains a link with a `target` attribute, like
`<a href="https://example.com/" target="_blank">link</a>`,
this gets converted and saved as
`<a href=\"https://example.com/\" target=\"_blank\" rel="noopener
noreferrer">link</a>`
with the `rel="noopener noreferrer"` attribute being added but without
espacing of `"`. This results in the JSON being invalid when read again.
This already caused problems for core, in #45292, with the result of the
filter being removed temporarily via [44714].
I could apply the same "fix" around the saving process in TablePress,
however the issue also appears to native core screens of the CPT. Also, as
this feature is somewhat security-related, and turning it off would not be
the favorable choice.
I strongly assume that this also affects other places where stored JSON
code (with HTML code for a link inside) is handled by
`wp_targeted_link_rel`.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/46316>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list