From 203c44581bed51e0533b7f3365c79dad07de1ea9 Mon Sep 17 00:00:00 2001
From: Dominik Schilling <dominikschilling+git@gmail.com>
Date: Fri, 1 Aug 2014 22:34:15 +0000
Subject: [PATCH] To improve troubleshooting use `esc_html()` for a failed
 embed.

see #28195.
Built from https://develop.svn.wordpress.org/trunk@29354


git-svn-id: http://core.svn.wordpress.org/trunk@29130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/ajax-actions.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/wp-admin/includes/ajax-actions.php b/wp-admin/includes/ajax-actions.php
index 55661dd692..0e7394f5c8 100644
--- a/wp-admin/includes/ajax-actions.php
+++ b/wp-admin/includes/ajax-actions.php
@@ -2655,7 +2655,7 @@ function wp_ajax_parse_embed() {
 	if ( ! $parsed ) {
 		wp_send_json_error( array(
 			'type' => 'not-embeddable',
-			'message' => sprintf( __( '%s failed to embed.' ), '<code>' . esc_url( $url ) . '</code>' ),
+			'message' => sprintf( __( '%s failed to embed.' ), '<code>' . esc_html( $url ) . '</code>' ),
 		) );
 	}
 
@@ -2685,7 +2685,7 @@ function wp_ajax_parse_embed() {
 		// Admin is ssl and the embed is not. Iframes, scripts, and other "active content" will be blocked.
 		wp_send_json_error( array(
 			'type' => 'not-ssl',
-			'message' => sprintf( __( 'Preview not available. %s cannot be embedded securely.' ), '<code>' . esc_url( $url ) . '</code>' ),
+			'message' => sprintf( __( 'Preview not available. %s cannot be embedded securely.' ), '<code>' . esc_html( $url ) . '</code>' ),
 		) );
 	}
 
@@ -2723,4 +2723,4 @@ function wp_ajax_parse_media_shortcode() {
 	}
 
 	wp_send_json_success( ob_get_clean() );
-}
\ No newline at end of file
+}