[wp-trac] [WordPress Trac] #11311: kses converts ampersands to & in post titles, post content, and more (was: Low access users get their ampersands escaped in post titles)

[WordPress Trac]

#11311: kses converts ampersands to & in post titles, post content, and more
----------------------------+-----------------------------------------------
 Reporter:  Viper007Bond    |       Owner:                  
     Type:  defect (bug)    |      Status:  new             
 Priority:  normal          |   Milestone:  Future Release  
Component:  Administration  |     Version:  2.9             
 Severity:  normal          |    Keywords:  needs-patch gsoc
----------------------------+-----------------------------------------------

Comment(by Viper007Bond):

 This applies to more than just post titles.

 Write a post as an author or some other low access user. Here's some
 sample content to use when doing so:

 {{{
 Here's a foo & apple test:

 http://www.youtube.com/watch?v=nTDNLUzjkpg&hd=1
 }}}

 After saving the post, you'll end up with this:

 {{{
 Here's a foo & apple test:

 http://www.youtube.com/watch?v=nTDNLUzjkpg&hd=1
 }}}

 Why don't we do this on display instead of save? It currently results in
 stuff like the `&`'ed URL being sent to oEmbed providers:

 {{{
 http://www.youtube.com/oembed?maxwidth=640&maxheight=600&url=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DnTDNLUzjkpg%26amp%3Bhd%3D1&format=json
 }}}

 Thankfully YouTube seems to be smart, but we shouldn't rely on that.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/11311#comment:6>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software