Make WordPress Core

Opened 22 months ago

Last modified 22 months ago

#56346 new defect (bug)

Youtube oembed with double quotes in title breaks html

Reported by: matiyin
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version:
Component: Embeds
Keywords:
Focuses:
Cc:

Description

Steps to reproduce:

  1. Navigate to Post > Add New.
  2. Paste the following link: https://www.youtube.com/watch?v=DLQg3Tw4bDc
  3. Click Preview.
  4. 🐞 Notice that the iframe produced by the oembed breaks on double quotes in the title, because the title is not escaped. See screenshots.

The bug was already present in previous versions, at least down to 5.8.x.

Normally it's not a 'showstopper' because the browser handles the broken HTML well, but it's not clean and correct.
I noticed because I'm using the REST API to build a static JS site, and the build breaks on the error "invalid html detected". I searched for the break and found it was caused by this YouTube video embed.

Attachments (2)

yt_oembed_block_output.jpg (320.7 KB) - added by matiyin 22 months ago.
youtube oembed block breaks html already in gutenberg editor
yt_oembed_rest_output.jpg (111.1 KB) - added by matiyin 22 months ago.
example of REST api output with broken html


Change History (5)

@matiyin
22 months ago

youtube oembed block breaks html already in gutenberg editor

@matiyin
22 months ago

example of REST api output with broken html

#1 follow-up: @peterwilsoncc
22 months ago

Hi @matiyin and welcome to trac!

This appears to be a YouTube bug in the HTML they provide when embedding a video. YouTube provide the HTML in a URL on their site that WordPress then uses.

I've sent some feedback to YouTube via their site but will keep this ticket open until I hear back. If I don't hear back this week, I'll see if I can get in touch via another channel.

Thanks for the report!

#2 in reply to: ↑ 1 @matiyin
22 months ago

Replying to peterwilsoncc:

> Hi @matiyin and welcome to trac!
>
> This appears to be a YouTube bug in the HTML they provide when embedding a video. YouTube provide the HTML in a URL on their site that WordPress then uses.
>
> I've sent some feedback to YouTube via their site but will keep this ticket open until I hear back. If I don't hear back this week, I'll see if I can get in touch via another channel.
>
> Thanks for the report!

Ha! Who would have thought... thanks for relaying it to Youtube @peterwilsoncc!

#3 @audrasjb
22 months ago

  • Version 6.0 deleted
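
The failure described in this ticket, as an added example that is not part of the ticket or of WordPress: a build-side check in JavaScript that strictly tokenizes the iframe's attributes and re-escapes the title when the raw title is known. It assumes an oEmbed-style object with `title` and `html` fields and that the title was copied verbatim into the attribute; the sample data and the function names are constructed for illustration.

```javascript
// Constructed sample shaped like an oEmbed response (assumed fields: title, html).
// The title and VIDEO_ID are placeholders, not the real response from the ticket.
const sample = {
  title: 'Band - "Song" (Live)',
  html: '<iframe width="200" height="113" src="https://www.youtube.com/embed/VIDEO_ID?feature=oembed" ' +
    'title="Band - "Song" (Live)" allowfullscreen></iframe>',
};

// Escape text for use inside a double-quoted HTML attribute value.
function escAttr(text) {
  return String(text).replace(/&/g, '&amp;').replace(/"/g, '&quot;')
    .replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// One attribute: whitespace, a name, optionally ="value" with no raw quote inside,
// then whitespace or the end of the attribute list. Sticky so no input is skipped.
const ATTR = /\s+([^\s"'<>\/=]+)(?:="([^"]*)")?(?=\s|$)/y;

// Strictly parse the opening <iframe> tag. Returns {name: value}, or null when the
// attribute list does not tokenize cleanly (for example a stray double quote).
function parseIframeAttrs(html) {
  const tag = /^<iframe((?:[^>"]|"[^"]*")*)>/i.exec(html.trim());
  if (!tag) return null;
  const list = tag[1].trimEnd();
  const attrs = {};
  let pos = 0;
  while (pos < list.length) {
    ATTR.lastIndex = pos;
    const m = ATTR.exec(list);
    if (!m) return null;
    attrs[m[1].toLowerCase()] = m[2] === undefined ? '' : m[2];
    pos = ATTR.lastIndex;
  }
  return attrs;
}

// Return embed HTML that tokenizes cleanly. Assumption: the provider copied the
// raw title verbatim into title="...", so that exact span can be re-escaped.
function safeEmbedHtml({ title, html }) {
  if (parseIframeAttrs(html)) return html;
  // Function replacement so "$" sequences in the title are not interpreted.
  const fixed = html.replace(`title="${title}"`, () => `title="${escAttr(title)}"`);
  if (fixed === html || !parseIframeAttrs(fixed)) {
    throw new Error('embed HTML is malformed and could not be repaired');
  }
  return fixed;
}
```

A title whose raw quotes happen to form valid-looking attributes (for example `a" b="c`) still tokenizes cleanly, so the check catches the breakage in this ticket but is not a general HTML validator.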