Opened 4 years ago
Closed 4 years ago
#10859 closed defect (bug) (fixed)
esc_url() does not escape and renders other functions buggy.
| Reported by: | | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | 2.9 |
| Component: | General | Version: | 2.8.4 |
| Severity: | major | Keywords: | |
| Cc: | | | |
Description
As written in the summary: get_image_send_to_editor() uses (as many other functions do) the function esc_url() to escape (at least that is what the name suggests) a URI. But the function name is misleading. Because of the (non-)implementation of any kind of escaping in esc_url(), which uses clean_url() instead, which filters out various characters by undocumented principles, this deletes completely valid URIs instead of encoding them.
Example URL: http://192.168.2.106/wordpress-trunk/wp-content/uploads/2009/09/Auto-na-dálkové-ovládání.jpg is "escaped" into an empty string string '' (length=0) when used in esc_url().
This is a blog with an output encoding set to UTF-8.
Change History (5)
- Milestone changed from Unassigned to 2.9
- Severity changed from normal to major
#10252 now got committed, which leaves this ticket now open.
The function esc_url() should follow the standards of URL escaping for ??!!. I do not know: what is the intended output of the function? Plain text, UTF-8 encoded? Or is it to be used inside an HTML attribute like the value of href or src?
What are the ground-laying RFC standardisations we can refer to here?

related: #10252
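
The two output contexts raised in the last comment, as an added example (not WordPress code and not taken from the ticket): RFC 3986 percent-encoding keeps every byte of the reported URL instead of deleting it, and HTML attribute escaping is a separate second layer. The helper names `encode_url_bytes()` and `url_for_attribute()` are hypothetical, the query string is constructed, and the file is assumed to be saved as UTF-8.

```php
<?php
// Added illustration, not WordPress code. encode_url_bytes() and
// url_for_attribute() are hypothetical helper names.

/**
 * Layer 1 (RFC 3986): percent-encode every byte that may not appear
 * literally in a URI. Reserved delimiters, unreserved characters and
 * existing %XX escapes are left untouched. Nothing is deleted.
 */
function encode_url_bytes(string $url): string
{
    return preg_replace_callback(
        // A stray '%' that does not start a valid escape, or any single
        // byte outside the unreserved + reserved sets. Without the /u
        // modifier the pattern works byte by byte, so each byte of a
        // multi-byte UTF-8 character becomes its own %XX triplet.
        '/%(?![0-9A-Fa-f]{2})|[^A-Za-z0-9\-._~:\/?#\[\]@!$&\'()*+,;=%]/',
        static fn(array $m): string => rawurlencode($m[0]),
        $url
    );
}

/**
 * Layer 2 (HTML): escape the encoded URL for use inside an attribute
 * value such as href or src. This handles '&', quotes and angle
 * brackets; it does not replace layer 1.
 */
function url_for_attribute(string $url): string
{
    return htmlspecialchars(encode_url_bytes($url), ENT_QUOTES, 'UTF-8');
}

// URL from the ticket description.
$url = 'http://192.168.2.106/wordpress-trunk/wp-content/uploads/2009/09/Auto-na-dálkové-ovládání.jpg';

// Plain-text context: non-ASCII bytes are encoded, the path survives.
echo encode_url_bytes($url), "\n";

// Attribute context, with a constructed query string to show '&'.
echo '<img src="', url_for_attribute($url . '?w=100&h=50'), '" />', "\n";
```

Running the encoder a second time leaves the result unchanged, because valid `%XX` escapes are skipped rather than double-encoded.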