Make WordPress Core

Opened 6 years ago

Closed 6 weeks ago

Last modified 6 weeks ago

#12760 closed defect (bug) (duplicate)

Escaping shortcode conditionally

Reported by: pavelevap Owned by: markjaquith
Milestone: Priority: low
Severity: normal Version: 3.0
Component: Shortcodes Keywords: roadmap
Focuses: Cc:

Description (last modified by markjaquith)

Using additional brackets is the official way to "escape" a shortcode. e.g. [[escaped]]

Using additional brackets [[shortcode]] in a post works only when the plugin (function) for this shortcode is active. When deactivated, additional brackets are shown in the post. It is annoying for many users, because editors sometimes test a plugin, write about it in a post with shortcode example and after some months this plugin is deactivated. Now there will be additional brackets, breaking their example code.



Expected output, regardless of whether that plugin is active:


Actual output, if plugin is not active:


[edited by Mark Jaquith]

Attachments (2)

shortcodes.diff (834 bytes) - added by kunalb 6 years ago.
shortcodes.2.diff (2.5 KB) - added by azram19 5 years ago.

Download all attachments as: .zip

Change History (18)

comment:1 @markjaquith6 years ago

  • Description modified (diff)
  • Owner set to markjaquith
  • Status changed from new to assigned
  • Version changed from 2.9.2 to 3.0

@kunalb6 years ago

comment:2 @kunalb6 years ago

  • Cc kunalb added
  • Keywords has-patch added

I've attached a patch that takes care of any shortcodes of the form [[foobar]] left over after running all registered shortcode functions: I avoided changing the get_shortcode_regex function to allow for general tags because of the way the embed shortcode is handled (calling do_shortcode twice, once with only the embed as the shortcode to handle, and once after that).

Getting [shortcode]Text[/shortcode] to display required an escape of the form [[shortcode]Text[/shortcode]] ; so non-shortcodes of this form are reduced accordingly.

comment:3 @nacin5 years ago

  • Milestone changed from 3.0 to 3.1

comment:4 @hakre5 years ago

It makes sense to have something to escape shortcodes.

comment:5 @nacin5 years ago

  • Milestone changed from Awaiting Triage to Future Release
  • Priority changed from normal to low

comment:6 @markjaquith5 years ago

  • Cc markjaquith added
  • Keywords dev-feedback added

Good idea. Let's get some eyes on the patch.

@azram195 years ago

comment:7 @azram195 years ago

  • Cc azram19 added

I've attached a patch that adds escape_shortcode() and uses it to escape shortcodes of the form [[foobar]] and [[foo]bar[/foo]].

It also escapes [[embed]foobar[/embed]], which hasn't been escaped by the previous patch.

comment:8 @iseulde2 years ago

  • Component changed from General to Shortcodes

comment:9 @jdgrimes2 years ago

+1 - This can be very annoying. My temporary solution was to add the shortcode with, e.g., __return_false as the callback and use the built-in escaping.

comment:12 @miqrogroove13 months ago

  • Keywords has-patch removed

In shortcodes.diff I don't see how arbitrary corruption of HTML would be avoided. Just because someone uses square braces in their CDATA, URI, or other element, doesn't mean it's an unregistered shortcode.

In shortcodes.2.diff I don't see how shortcodes would even work anymore.

I agree the escaping system is somewhat nonsensical, but we need a more foolproof solution.

comment:13 @aaroncampbell4 months ago

  • Keywords close added

Honestly, I think that at this point we have to consider unregistered shortcodes to not be shortcodes at all. If you really need to use double brackets to escape unregistered shortcodes, just register them with add_shortcode( 'shortcode', '__return_empty_string' )

I'm not saying this is "best case scenario", but I do think it's where we are right now for backwards compat, keeping the regexes as sane as possible, etc.

comment:14 @miqrogroove7 weeks ago

  • Keywords roadmap added; dev-feedback close removed

I am working on a roadmap proposal to fix this with better shortcode syntax.

comment:15 @miqrogroove6 weeks ago

  • Milestone Future Release deleted
  • Resolution set to duplicate
  • Status changed from assigned to closed

Duplicate of #18558.

Just noticed we have two tickets for this.

comment:16 @pavelevap6 weeks ago

Yes, probably same ticket. I only emphasized displaying active and inactive shortcodes in posts (for example for tutorials)...

Note: See TracTickets for help on using tickets.