id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
19877	wp_kses_stripslashes() should account for single quotes too	ethitter		"Right now, wp_kses_stripslashes() only removes slashes before double quotes, but should do the same for single quotes. 

For example, if wp_kses() is applied to the following string (assuming <script> tags are permitted), the <script> tag's attributes are removed:

<script type='text/javascript' src='foo.js'></script>


If the single quotes are switched to double quotes, the attributes are properly sanitized against the list of allowed tags passed to wp_kses(). Updating wp_kses_stripslashes() to account for both types of quotes eliminates the need to strip slashes before applying wp_kses()."	defect (bug)	new	normal	Awaiting Review	Formatting	3.3.1	normal		has-patch close	mdhansen@…