Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Code Block should not render embeds (or shortcodes) #13996
Fixes #13927 - "The Code Block renders embeds". As OP said:
Not only should block codes not render embeds, but also they should not render shortcodes.
How has this been tested?
I've reproduced the bug described in #13927.
The PR prevents shortcodes from running by changing an embed's opening character
It also prevents isolated URLs from becoming an embed by changing
Types of changes
Bug fix. In a code block:
requested review from
Feb 21, 2019
Part of me wonders if this is not something the server should be considering when evaluating whether to transform an embed or shortcode.
Namely, even after these changes, I'd still be able to produce fascinating results when manually crafting a post with the content:
<pre><code> https://www.youtube.com/watch?v=YuOBzWF0Aws </code></pre>
I agree. AFAIK, though, WordPress transforms embeds/shortcodes in the post content ignoring the fact that they might be in a block.
If you feel like tweaking code block's save method isn't a good idea, I'd recommend a different approach: run a filter in the post content with a higher priority and escape the characters before embed/shortcodes run. That is, doing the same this PR does, but in PHP and performing the escape on the fly (without committing them to the DB).
This alternative solution, however, would require a few more additional changes: we would also need to add a new filter or extend the blocks API so that developers could specify which blocks accept embed/shortcodes and which blocks don't.
So, how should I/we proceed?
I think as implemented here is fine.
Worth noting, however, that it relies on the specific behavior of
It's not strictly an issue, but may become problematic if the behavior changes over time. I might like to see some tests here to avoid future regressions to this point, or even just enhancing / adding additional variations to the existing code block fixtures:
Thanks for all the tips, @aduth. Finally, I've decided to follow a different approach.
Instead of escaping shortcode and link characters in
I think this solution fixes the issue that you said could arise in the future, and it's probably more elegant.
What do you think?
Apologies for the delay in revisiting this.
I think the general approach seems agreeable. There's certainly some prior art in this sort of "value dance", like seen in the preformatted block.
I observed an issue in testing this with a code block consisting of newlines + YouTube URL, noted in the review comments.
This looks great and works well in my testing
I'd considered whether overlap with the
Thanks for your patience in the reviews on this one.