Make WordPress Core

Opened 13 years ago

Closed 13 years ago

#22549 closed enhancement (wontfix)

Sanitize embedded external URLs

Reported by: johnbillion
Owned by:
Milestone:
Priority: normal
Severity: minor
Version: 3.5
Component: Media
Keywords:
Focuses:
Cc:

Description (last modified by johnbillion)

When you go to embed an external URL via the 'Embed From URL' tab in the new media modal, the URL is inserted as-is.

The user in this recent user interaction test by lessbloat pasted a URL into this box without overwriting the 'http://' placeholder and ended up with a mangled URL. Before inserting it into the post the URL should be sanitized via an AJAX call that runs it through esc_url_raw().

Related: #22548
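An added example, not part of the ticket or of WordPress core: one way a client-side cleanup of the pasted value could handle the leftover 'http://' placeholder described above before the URL is inserted. The function name `normalizeEmbedUrl`, the http/https allowlist and the sample inputs are assumptions made for illustration; it does not reproduce what esc_url_raw() does on the server.

```javascript
// Added example: hypothetical helper, not WordPress code.
const SCHEME = /^[a-z][a-z0-9+.-]*:\/\//i;       // "scheme://" at the start
const ALLOWED = new Set(['http:', 'https:']);     // assumed allowlist for embeds

function normalizeEmbedUrl(raw, placeholder = 'http://') {
  let s = String(raw).trim();
  const prefix = placeholder.toLowerCase();

  // Drop a leftover placeholder only when a complete URL follows it,
  // e.g. "http://https://example.com" -> "https://example.com".
  while (s.toLowerCase().startsWith(prefix)) {
    const rest = s.slice(prefix.length);
    if (!SCHEME.test(rest)) break;
    s = rest;
  }

  // A bare "example.com/clip" gets the default scheme.
  if (!SCHEME.test(s)) s = placeholder + s;

  let url;
  try {
    url = new URL(s);
  } catch (e) {
    return null; // unparseable, including the untouched placeholder
  }

  // Refuse anything that is not a plain web URL with a host.
  if (!ALLOWED.has(url.protocol) || !url.hostname) return null;
  return url.href;
}

// Constructed sample inputs, including the doubled prefix from the ticket.
const samples = [
  'http://http://example.com/video.mp4',
  ' http://https://example.com/watch?v=1 ',
  'example.com/clip',
  'http://',
  'javascript:alert(1)',
  'http://ftp://example.com/x',
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', normalizeEmbedUrl(s));
}
```

A `null` result means the value should be rejected or shown back to the user for correction rather than inserted into the post.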

Change History (5)

#1 @johnbillion
13 years ago

  • Description modified (diff)

#2 follow-up: @nacin
13 years ago

  • Milestone changed from Awaiting Review to 3.5

The linking dialog selects 'http://'. We should continue the same user interaction here.

#3 in reply to: ↑ 2 @koopersmith
13 years ago

Replying to nacin:

The linking dialog selects 'http://'. We should continue the same user interaction here.

We already do.

#4 @koopersmith
13 years ago

In the video, she clicks into the input and deselects the http:// before pasting.

#5 @nacin
13 years ago

  • Milestone 3.5 deleted
  • Resolution set to wontfix
  • Status changed from new to closed

So it is.

I am going to close this as wontfix. But I am happy with a smarter routine across both dialogs in a future release.
