Sanitize embedded external URLs
|Reported by:||johnbillion||Owned by:|
Description (last modified by johnbillion)
When you go to embed an external URL via the 'Embed From URL' tab in the new media modal, the URL is inserted as-is.
The user in this recent user interaction test by lessbloat pasted a URL into this box without overwriting the 'http://' placeholder and ended up with a mangled URL. Before inserting it into the post the URL should be sanitized via an AJAX call that runs it through esc_url_raw().