[wp-trac] [WordPress Trac] #56346: Youtube oembed with double quotes in title breaks html
WordPress Trac
noreply at wordpress.org
Sun Aug 7 17:51:48 UTC 2022
#56346: Youtube oembed with double quotes in title breaks html
--------------------------+-----------------------------
Reporter: matiyin | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Embeds | Version: 6.0
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
Steps to reproduce:
1. Navigate to `Post > Add New`.
2. Paste the following link: `https://www.youtube.com/watch?v=DLQg3Tw4bDc`
3. Click Preview.
4. 🐞 Notice that the iframe produced by the oembed breaks on double
quotes in the title, because the title is not escaped. See screenshots.
The bug was already present in previous versions, at least down to 5.8.x.
Normally it's not a 'showstopper' because the browser handles the broken
html well, but it's not clean and correct.
I noticed because I'm using the REST API to build a static js site, and
the build breaks on the error "invalid html detected". Searched the break
and found it was caused by this youtube video embed.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56346>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list