Merge pull request #1083 from Codeinwp/bugfix/optimole-service/1711

Escaped URLs to prevent XSS

Author: vytisbulkevicius

inc/url_replacer.php

@@ -163,6 +163,10 @@ public function build_url(
 			$url = sprintf( '%s://%s', is_ssl() ? 'https' : 'http', $url );
 		}
 		$normalized_ext = strtolower( $ext );
+		$url = esc_url( $url );
+		if ( empty( $url ) ) {
+			return $original_url;
+		}
 		if ( isset( Optml_Config::$image_extensions[ $normalized_ext ] ) ) {
 			$new_url = $this->normalize_image( $url, $original_url, $args, $is_uploaded, $normalized_ext );
 			if ( $is_uploaded ) {