Opened 2 years ago

Last modified 2 years ago

#15659 new defect (bug)

Entity escaping needed for comments list table

Reported by: brettz95 Owned by:
Priority: normal Milestone: Future Release
Component: Administration Version:
Severity: normal Keywords: has-patch
Cc:

Description

Perhaps only as a result of the fact that the URL will be truncated for display, it is possible that URLs will have entities in URLs such as & truncated, thereby creating a non-well-formed entity for application/xhtml+xml . The following patch fixes it (quotation escaping is not needed since this is element content).

This is an easy fix which I hope can be applied given that its lack breaks reviewing the important comments editing page. Thanks.

Attachments (3)

class-wp-comments-list-table.php.patch (661 bytes) - added by brettz95 2 years ago.
Simple patch to avoid non-well-formed XHTML
15659.preg.diff (717 bytes) - added by markjaquith 2 years ago.
15659.diff (691 bytes) - added by solarissmoke 2 years ago.

Download all attachments as: .zip

Change History (6)

brettz952 years ago

Simple patch to avoid non-well-formed XHTML

comment:1   scribu2 years ago

  • Component changed from General to Administration
  • Milestone changed from Awaiting Review to 3.1

We prefer using the esc_*() functions instead of htmlentities().

markjaquith2 years ago

comment:2   markjaquith2 years ago

  • Milestone changed from 3.1 to Future Release

If you have something like ← you could end up with &la which looks strange. Alternate approach to trim unterminated entities from the end.

Punting to future.

solarissmoke2 years ago

comment:3   solarissmoke2 years ago

  • Keywords has-patch added

Why not use wp_html_excerpt()?

Note: See TracTickets for help on using tickets.