id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
10056	href not sanitized in media uploader	Denis-de-Bernardy		"there are lines such as:

{{{
if ( !empty($_POST['insertonlybutton']) ) {
	$href = $_POST['insertonly']['href'];
if ( !empty($href) && !strpos($href, '://') )
	$href = ""http://$href"";
}}}

they should get an additional:

$href = esc_url_raw($href); // for the filter

and the link should use esc_url($href)"	defect (bug)	closed	high	2.9	Media	2.8	normal	fixed	has-patch