Opened 9 years ago
Last modified 5 years ago
#30597 new defect (bug)
wp_filter_post_kses mangles URLs with colons in them
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 4.0 |
Component: | Formatting | Keywords: | kses needs-unit-tests |
Focuses: | Cc: |
Description (last modified by )
Try to save this entirely valid post content:
<a href="/this/is/a/valid:link">watch what happens</a>
The KSES logic is overly aggressive and strips the URL. It's getting confused by the colon.
Might be related to #24663
Change History (7)
#3
@
9 years ago
- Keywords 2nd-opinion added
I disagree. Colons are reserved characters in the specification for URLs and we have important reasons for never allowing them. This ticket will need a 2nd opinion.
#4
@
9 years ago
That's interesting, I didn't know the colon was a reserved character. Why this comes up is the CakePHP MVC framework (http://book.cakephp.org/2.0/en/development/routing.html), which I used for plugin development, is prominently supporting these "named parameters" of key-value pairs in URLs, so I end up wanting to use them in links inside posts. Given the large size of the CakePHP community, I'm surprised to find that using them is bad practice.
Related: #21974, #23922.