Opened 2 years ago
Last modified 19 months ago
#54753 new defect (bug)
Wrong post content when uploading raw post data via REST API when html data url is used
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | 5.8.2 |
| Component: | REST API | Keywords: | |
| Focuses: | rest-api | Cc: |
Description
I want to make use of data URLs in my post:
https://en.wikipedia.org/wiki/Data_URI_scheme
https://napuzba.com/data-url/
So I've added the following html to a post:
<a href="data:text/plain,I am text file" download="a2.txt">Download text file 2</a>
Now I want to upload this html via REST API, and the rest API just filters out the "data:" part and the "download="a2.txt":
<a href="text/plain,I am text file">Download text file 2</a>
I made sure, that I am also uploading the post with the edit context, but that does not help. I also tried to url encode all content, so my test case is also not faulty. No luck. This is my curl:
curl -X POST https://example.com/wp-json/wp/v2/posts/ -u 'user:password' -d 'title=test&status=draft&context=edit&content=<a href="data:text/plain,I am text file" download="a2.txt">Download text file 2</a>'
curl -X POST https://example.com/wp-json/wp/v2/posts/ -u 'user:password' -d 'title=test&status=draft&context=edit&content=%3Ca%20href%3D%22data%3Atext%2Fplain%2CI%20am%20text%20file%22%20download%3D%22a2.txt%22%3EDownload%20text%20file%202%3C%2Fa%3E'
Is there a way to disable this filtering of my html? If not, it might be a bug?
The reason for this issue is the privileges of the uploading user. He must be at least a "Redakteur" (the role below admin).
It would be nice to set those permissions more fine grained.