[wp-trac] [WordPress Trac] #21974: esc_url() doesn't allow protocol-relative URLs with colons
WordPress Trac
wp-trac at lists.automattic.com
Sun Sep 23 01:04:59 UTC 2012
#21974: esc_url() doesn't allow protocol-relative URLs with colons
----------------------------+------------------
Reporter: SergeyBiryukov | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.5
Component: General | Version:
Severity: normal | Resolution:
Keywords: |
----------------------------+------------------
Comment (by SergeyBiryukov):
[attachment:21974.patch] only calls `wp_kses_bad_protocol()` if the URL
doesn't start with a slash. There's a similar detection earlier: [[BR]]
http://core.trac.wordpress.org/browser/tags/3.4.2/wp-
includes/formatting.php#L2559
Perhaps `wp_kses_bad_protocol()` should be patched instead?
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21974#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list