Skip to content

Fix custom URL HTML encoding in announcements (#249)#250

Merged
dgershman merged 1 commit intomainfrom
feature/announcement-custom-link-encoding-fix
Jan 25, 2026
Merged

Fix custom URL HTML encoding in announcements (#249)#250
dgershman merged 1 commit intomainfrom
feature/announcement-custom-link-encoding-fix

Conversation

@dgershman
Copy link
Contributor

@dgershman dgershman commented Jan 25, 2026
edited
Loading

Summary

  • Fixed custom URLs in announcement banners having ampersands (&) incorrectly HTML-encoded as &, causing links with query parameters to fail
  • Added regression test to prevent this issue from recurring
  • Added encoding guidelines to CLAUDE.md documenting the pattern for REST API data
  • Added composer lint:esc-url script to catch esc_url() usage in REST contexts

Root Cause

The resolve_event_ref() method in Announcement.php used esc_url() which encodes & to & for HTML contexts. When this passes through the REST API to JSON, it becomes &.

Fix: Changed to esc_url_raw() which preserves & characters while still providing the same security (protocol validation, dangerous character removal).

Test plan

  • All 514 PHPUnit tests pass (including new regression test)
  • Create announcement with custom link containing query params (e.g., https://httpbin.org/get?foo=1&bar=2)
  • Verify link works correctly on frontend
  • Verify REST API response shows literal & not &

Fixes #249

🤖 Generated with Claude Code

@dgershman @claude
Fix custom URL HTML encoding in announcements (#249)
e26e7dd 
Custom URLs with query parameters (containing &) were being HTML-encoded
as & when passed through the REST API, breaking links.

Changes:
- Use esc_url_raw() instead of esc_url() in resolve_event_ref()
- Add regression test for URL query parameter preservation
- Add encoding guidelines to CLAUDE.md to prevent future issues
- Add lint:esc-url script to check for esc_url() in REST contexts
- Bump version to 1.8.6

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@dgershman dgershman merged commit 995a3ff into main Jan 25, 2026
3 checks passed
@dgershman dgershman deleted the feature/announcement-custom-link-encoding-fix branch January 25, 2026 18:03
@Redguy1959 Redguy1959 mentioned this pull request Jan 25, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

BUG: Custom URL in Announcement adding some html encoding which causes link to fail

1 participant

@dgershman