Make WordPress Core

Opened 5 years ago

Last modified 7 months ago

#12760 assigned defect (bug)

Escaping shortcode conditionally

Reported by: pavelevap Owned by: markjaquith
Milestone: Future Release Priority: low
Severity: normal Version: 3.0
Component: Shortcodes Keywords: dev-feedback
Focuses: Cc:

Description (last modified by markjaquith)

Using additional brackets is the official way to "escape" a shortcode. e.g. [[escaped]]

Using additional brackets [[shortcode]] in a post works only when the plugin (function) for this shortcode is active. When deactivated, additional brackets are shown in the post. It is annoying for many users, because editors sometimes test a plugin, write about it in a post with shortcode example and after some months this plugin is deactivated. Now there will be additional brackets, breaking their example code.



Expected output, regardless of whether that plugin is active:


Actual output, if plugin is not active:


[edited by Mark Jaquith]

Attachments (2)

shortcodes.diff (834 bytes) - added by kunalb 5 years ago.
shortcodes.2.diff (2.5 KB) - added by azram19 4 years ago.

Download all attachments as: .zip

Change History (14)

comment:1 @markjaquith5 years ago

  • Description modified (diff)
  • Owner set to markjaquith
  • Status changed from new to assigned
  • Version changed from 2.9.2 to 3.0

@kunalb5 years ago

comment:2 @kunalb5 years ago

  • Cc kunalb added
  • Keywords has-patch added

I've attached a patch that takes care of any shortcodes of the form [[foobar]] left over after running all registered shortcode functions: I avoided changing the get_shortcode_regex function to allow for general tags because of the way the embed shortcode is handled (calling do_shortcode twice, once with only the embed as the shortcode to handle, and once after that).

Getting [shortcode]Text[/shortcode] to display required an escape of the form [[shortcode]Text[/shortcode]] ; so non-shortcodes of this form are reduced accordingly.

comment:3 @nacin5 years ago

  • Milestone changed from 3.0 to 3.1

comment:4 @hakre4 years ago

It makes sense to have something to escape shortcodes.

comment:5 @nacin4 years ago

  • Milestone changed from Awaiting Triage to Future Release
  • Priority changed from normal to low

comment:6 @markjaquith4 years ago

  • Cc markjaquith added
  • Keywords dev-feedback added

Good idea. Let's get some eyes on the patch.

@azram194 years ago

comment:7 @azram194 years ago

  • Cc azram19 added

I've attached a patch that adds escape_shortcode() and uses it to escape shortcodes of the form [[foobar]] and [[foo]bar[/foo]].

It also escapes [[embed]foobar[/embed]], which hasn't been escaped by the previous patch.

comment:8 @iseulde20 months ago

  • Component changed from General to Shortcodes

comment:9 @jdgrimes18 months ago

+1 - This can be very annoying. My temporary solution was to add the shortcode with, e.g., __return_false as the callback and use the built-in escaping.

comment:12 @miqrogroove7 months ago

  • Keywords has-patch removed

In shortcodes.diff I don't see how arbitrary corruption of HTML would be avoided. Just because someone uses square braces in their CDATA, URI, or other element, doesn't mean it's an unregistered shortcode.

In shortcodes.2.diff I don't see how shortcodes would even work anymore.

I agree the escaping system is somewhat nonsensical, but we need a more foolproof solution.

Note: See TracTickets for help on using tickets.