Make WordPress Core

Opened 15 years ago

Closed 15 years ago

#3808 closed defect (bug) (worksforme)

URI for preview pane in post template contains unescaped ampersand

Reported by: ara_p Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.1
Component: Administration Keywords: amp entity
Focuses: Cc:


The URI passed to the preview pane in the post template contains an unescaped ampersand. This normally doesn't cause people a problem but in situations where the site pages are delivered as XML (using the application/xhtml+xml MIME type) the preview breaks due to the unescaped character.

The bug can be found in /wp-admin/post.php (line 84):
<iframe src="<?php echo attribute_escape(apply_filters('preview_post_link', ...

Change History (3)

#1 @ara_p
15 years ago

  • Version changed from 2.0.6 to 2.1

#2 @foolswisdom
15 years ago

  • Milestone set to 2.2

#3 @markjaquith
15 years ago

  • Milestone 2.2 deleted
  • Resolution set to worksforme
  • Status changed from new to closed

attribute_escape() takes care of that, encoding to &#038;

Checked /branches/2.0/, /branches/2.1/, and /trunk/ and all use attribute_escape() there.

Note: See TracTickets for help on using tickets.