Fix escaping for non-admin authored posts #187

Merged
merged 2 commits into from
Feb 12, 2021

Contributor

@yscik yscik commented Jan 26, 2021

Fixes #159
Includes #182

Changes proposed in this Pull Request

  • Change shortcode escaping to HTML encoding, run after htmlspecialchars
  • Decode all HTML special characters to prevent double encoding

Testing instructions

  • Create a post with a non-administrator user
  • Add a Syntaxhighlighter block, with various code examples, and valid shortcodes, like this:
<?php echo 'Hello World'; ?> 

[gallery id="123" size="medium"] xxx [/gallery]
 
https://www.youtube.com/watch?v=21X5lGlDOfg
  • Publish & view on frontend. Ensure characters are displayed correctly.

@yscik yscik added this to the v3.5.6 milestone Jan 26, 2021
@yscik yscik requested a review from jom January 26, 2021 16:35
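
An added illustration of the ordering in the description above (not code from this pull request or the plugin). It assumes a non-administrator's content is stored already entity-encoded; the function names and sample strings are constructed for the example.

```php
<?php
// Added illustration; function names are hypothetical, not the plugin's own.

// Naive approach: encode whatever is stored. Content that was already
// entity-encoded when it was saved gets encoded a second time.
function encode_naive(string $stored): string {
    return htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
}

// Ordering from the description: decode first, encode exactly once, then
// turn shortcode brackets into numeric entities so they render as text.
function encode_normalized(string $stored): string {
    $raw  = htmlspecialchars_decode($stored, ENT_QUOTES);
    $html = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
    return str_replace(['[', ']'], ['&#91;', '&#93;'], $html);
}

// What a browser would display for the given markup.
function displayed(string $html): string {
    return html_entity_decode($html, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed samples: the same code stored raw, and stored with its
// angle brackets already entity-encoded (the assumed non-admin case).
$samples = [
    'raw'         => '<?php echo \'Hello World\'; ?> [gallery id="123" size="medium"] xxx [/gallery]',
    'pre-encoded' => '&lt;?php echo \'Hello World\'; ?&gt; [gallery id="123" size="medium"] xxx [/gallery]',
];

foreach ($samples as $label => $stored) {
    printf("%-12s naive:      %s\n", $label, displayed(encode_naive($stored)));
    printf("%-12s normalized: %s\n", $label, displayed(encode_normalized($stored)));
}
```

Decoding first makes stored text indistinguishable from pre-encoded text, so in this example a raw sample meant to show a literal `&lt;` displays as `<`.
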
Member

@jom jom left a comment

I think this fixes the issue and seems to be okay for other things.

One side-effect I've seen of our oembed escape fix is that those URLs are not clickable, but that seems worth the tradeoff and probably quite rare.

@yscik yscik merged commit b7b51fa into master Feb 12, 2021
@yscik yscik deleted the fix/escape-non-admin branch February 12, 2021 13:54
@alexsanford alexsanford modified the milestones: v3.5.6, v3.6.0 Feb 12, 2021
Successfully merging this pull request may close these issues.

> getting transformed to &gt;