Opened 6 months ago

Closed 6 months ago

#22549 closed enhancement (wontfix)

Sanitize embedded external URLs

Reported by: johnbillion Owned by:
Priority: normal Milestone:
Component: Media Version: 3.5
Severity: minor Keywords:
Cc:

Description (last modified by johnbillion)

When you go to embed an external URL via the 'Embed From URL' tab in the new media modal, the URL is inserted as-is.

The user in this recent user interaction test by lessbloat pasted a URL into this box without overwriting the 'http://' placeholder and ended up with a mangled URL. Before inserting it into the post the URL should be sanitized via an AJAX call that runs it through esc_url_raw().

Related: #22548

Change History (5)

comment:1   johnbillion6 months ago

  • Description modified (diff)

comment:2 follow-up: ↓ 3   nacin6 months ago

  • Milestone changed from Awaiting Review to 3.5

The linking dialog selects 'http://'. We should continue the same user interaction here.

comment:3 in reply to: ↑ 2   koopersmith6 months ago

Replying to nacin:

The linking dialog selects 'http://'. We should continue the same user interaction here.

We already do.

comment:4   koopersmith6 months ago

In the video, she clicks into the input and deselects the http:// before pasting.

comment:5   nacin6 months ago

  • Milestone 3.5 deleted
  • Resolution set to wontfix
  • Status changed from new to closed

So it is.

I am going to close this as wontfix. But I am happy with a smarter routine across both dialogs in a future release.

Note: See TracTickets for help on using tickets.