[wp-trac] [WordPress Trac] #28720: Shortcode Escaping Doesn't Work in Most Situations
WordPress Trac
noreply at wordpress.org
Tue Oct 28 19:59:56 UTC 2014
#28720: Shortcode Escaping Doesn't Work in Most Situations
--------------------------+------------------------------
Reporter: miqrogroove | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Shortcodes | Version: 3.3
Severity: normal | Resolution:
Keywords: close | Focuses:
--------------------------+------------------------------
Changes (by aaroncampbell):
* keywords: => close
Comment:
Let me take the issues in order:
'''Escaping only works for registered shortcodes.'''
I don't think we need to worry about this at all. Shortcodes that aren't
registered aren't shortcodes as far as I'm concerned.
'''Escaping was never made compatible with wptexturize'''
I'm not totally sure what you mean by this, but in my testing what I'm
seeing (and what I'm therefore assuming you mean) is that text inside a
possible shortcode isn't being texturized. So basically, you'd expect the
same output from these:
`[[video src="https://www.youtube.com/watch?v=1gVApvC20KQ"]]`
`[video src="https://www.youtube.com/watch?v=1gVApvC20KQ"]`
But in reality the latter gets curly quotes on the attribute and the
former doesn't. I'm really not sure how I feel about this one, but my
first reaction is that this is actually good behavior. It seems to me that
the reason for being able to escape a shortcode is mostly to allow someone
to display an example of how to enter that shortcode, and I actually think
curly quotes don't belong in that.
'''Most shortcode features never escape user input.'''
For this one, are there things besides square brackets that aren't getting
escaped and are causing problems? I do see that a `[` or `]` in a
shortcode attribute will break things, but I think #15694 can be used to
continue addressing that.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/28720#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list