Question: Why are shortcodes from the post content evaluated on the block editor page?

[ktmn]

When you create a shortcode:

add_shortcode('exit', function() {
    exit;
});

and add it to the classic editor, then the editor keeps working fine, but on the front end the site breaks, as expected.

But if you add the [exit] shortcode to block editor, then the block editor breaks as well.

Why are shortcodes evaluated in the back end when it didn't used to be the case?

[iandunn]

I just noticed -- and was surprised by -- this as well.

I don't think plugin developers have the expectation that shortcodes will be executed on the Edit Post screen, so it seems like this could lead to some unexpected side effects.

It looks like it's triggered by rest_preload_api_request(), which eventually calls prepare_item_for_response(), which applies the the_content filter, calls do_shortcode().

It seems like unhooking the do_shortcode callback before calling rest_preload_api_request() might be a good idea, and then adding it back after.

In the meantime, devs can work around with something like this at the top of the shortcode callback:

if ( is_admin() ) {
    return;
}

[aduth]

As observed by @iandunn , this occurs during preloading of the post data as part of the editor initialization, since a response on the /wp/v2/posts/[id]?context=edit endpoint will evaluate the_content as part of its assignment of content.rendered. The editor does not need this field, and as of WordPress 5.3 with nested fields filtering, there are now options which could enable us to prevent it from being assigned, thus avoiding side-effects of the_content rendering such as that described in this issue.

There is another issue at #18988 which describes this effort. In order to keep this discussion consolidated, I am going to close this issue in favor of that one, which should serve as a solution to the broader issue.

That being said, it's worth pointing out that this is the default behavior when requesting posts data from the REST API when providing a ?context=edit parameter. Even with potential changes from #18988, if there would be an explicit data need for the content.rendered field, it would be expected that shortcodes will evaluate.