[wp-trac] [WordPress Trac] #22549: Sanitize embedded external URLs
WordPress Trac
noreply at wordpress.org
Fri Nov 23 00:19:18 UTC 2012
#22549: Sanitize embedded external URLs
-------------------------+------------------------------
Reporter: johnbillion | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Media | Version: trunk
Severity: minor | Resolution:
Keywords: |
-------------------------+------------------------------
Description changed by johnbillion:
Old description:
> When you go to embed an external URL via the 'Embed From URL' tab in the
> new media modal, the URL is inserted as-is.
>
> The user in [http://make.wordpress.org/ui/2012/11/14/to-change-things-
> up-i-tested-a-different/ this recent user interaction test by lessbloat]
> pasted a URL into this box without overwriting the 'http://' placeholder
> and ended up with a mangled URL. Before inserting it into the post the
> URL should be sanitized via an AJAX call that runs it through
> `esc_url_raw()`.
>
> Related: #22548
New description:
When you go to embed an external URL via the 'Embed From URL' tab in the
new media modal, the URL is inserted as-is.
The user in [http://make.wordpress.org/ui/2012/11/14/to-change-things-
up-i-tested-a-different/ this recent user interaction test by lessbloat]
pasted a URL into this box without overwriting the '`http://`' placeholder
and ended up with a mangled URL. Before inserting it into the post the URL
should be sanitized via an AJAX call that runs it through `esc_url_raw()`.
Related: #22548
--
--
Ticket URL: <http://core.trac.wordpress.org/ticket/22549#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list