Opened 11 years ago
Closed 11 years ago
#26569 closed defect (bug) (fixed)
URLs exported to JavaScript in Customizer settings get double-encoded
Reported by: | westonruter | Owned by: | ocean90 |
---|---|---|---|
Milestone: | 3.9 | Priority: | normal |
Severity: | normal | Version: | 3.4 |
Component: | Customize | Keywords: | has-patch |
Focuses: | Cc: |
Description
The Customizer currently fails to load URLs into the preview if they contains multiple query parameters.
For example, to preview in Customizer this URL: http://src.wordpress-develop.dev/?foo=bar&bar=baz
One would navigate to: http://src.wordpress-develop.dev/wp-admin/customize.php?url=http%3A%2F%2Fsrc.wordpress-develop.dev%2F%3Ffoo%3Dbar%26bar%3Dbaz
Upon loading up the customizer, however, you may inspect the wp.customize.settings.url.preview
in the browser console and see that its value is: http://src.wordpress-develop.dev/?foo=bar&bar=baz
Notice how the &
gets HTML-escaped. This is because customize.php is using esc_url
for values being added to an array which is exported to JavaScript via json_encode
. Instead of esc_url
, the esc_url_raw
function should be used instead.
Attachments (3)
Change History (8)
#3
@
11 years ago
- Owner set to ocean90
- Status changed from new to assigned
Seems fine to me. Would want to double-check how this URL gets used in JS.
Use esc_url_raw() instead of esc_url()