From d2e6ed68961bd40912ecd60f7e6a43ef112b46b9 Mon Sep 17 00:00:00 2001
From: tellyworth <alex@automattic.com>
Date: Mon, 2 Oct 2023 18:59:24 +1100
Subject: [PATCH] Use `esc_url()` when constructing the href for the post-title
 block (#53981)

---
 packages/block-library/src/post-title/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/block-library/src/post-title/index.php b/packages/block-library/src/post-title/index.php
index 8b0e431b3a8be4..d0eef8572ba139 100644
--- a/packages/block-library/src/post-title/index.php
+++ b/packages/block-library/src/post-title/index.php
@@ -38,7 +38,7 @@ function render_block_core_post_title( $attributes, $content, $block ) {
 
 	if ( isset( $attributes['isLink'] ) && $attributes['isLink'] ) {
 		$rel   = ! empty( $attributes['rel'] ) ? 'rel="' . esc_attr( $attributes['rel'] ) . '"' : '';
-		$title = sprintf( '<a href="%1$s" target="%2$s" %3$s>%4$s</a>', get_the_permalink( $block->context['postId'] ), esc_attr( $attributes['linkTarget'] ), $rel, $title );
+		$title = sprintf( '<a href="%1$s" target="%2$s" %3$s>%4$s</a>', esc_url( get_the_permalink( $block->context['postId'] ) ), esc_attr( $attributes['linkTarget'] ), $rel, $title );
 	}
 
 	$classes = array();