Opened 9 months ago

Closed 8 months ago

#21756 closed defect (bug) (fixed)

Escape i18n attributes as late as possible

Reported by: mfields
Owned by:
Priority: normal
Milestone: 3.5
Component: Bundled Theme
Version:
Severity: normal
Keywords: has-patch
Cc:

Description

The following code is found in multiple places in both Twenty Ten and Twenty Eleven:

printf( esc_attr__( 'Permalink to %s', 'textdomain' ), the_title_attribute( 'echo=0' ) )

While the value of the_title_attribute() is escaped before it is returned in this example, this code could be reworked to demonstrate the best practice of escaping as late as possible:

echo esc_attr( sprintf( __( 'Permalink to %s', 'textdomain' ), the_title_attribute( 'echo=0' ) ) )

Twenty Twelve is currently using code similar to the second example.
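
Added example (not part of the ticket or its patches): a stand-alone comparison of the two patterns from the description. `demo_esc_attr()` and `demo_translate()` are simplified stand-ins for `esc_attr()` and `__()`, assumed here so the script runs without WordPress, and the title and translation are constructed sample values.

```php
<?php
// Simplified stand-in for esc_attr(); the real function also validates UTF-8
// and applies filters. double_encode=false keeps existing entities intact.
function demo_esc_attr( $text ) {
    return htmlspecialchars( $text, ENT_QUOTES, 'UTF-8', false );
}

// Simplified stand-in for __(): a constructed one-entry translation table
// whose translated string itself contains double quotes.
function demo_translate( $text ) {
    $translations = array( 'Permalink to %s' => 'Permalink to "%s"' );
    return isset( $translations[ $text ] ) ? $translations[ $text ] : $text;
}

// Early escaping (first pattern): only the translated format string is
// escaped; the argument is trusted to have been escaped by its getter.
function early_title_attr( $title ) {
    return sprintf( demo_esc_attr( demo_translate( 'Permalink to %s' ) ), $title );
}

// Late escaping (second pattern): the assembled string is escaped once,
// immediately before output, whatever the origin of its parts.
function late_title_attr( $title ) {
    return demo_esc_attr( sprintf( demo_translate( 'Permalink to %s' ), $title ) );
}

// Constructed inputs: the same title as an escaping getter would return it,
// and as a non-escaping getter would return it.
$cases = array(
    'pre-escaped title' => demo_esc_attr( '5" monitors & stands' ),
    'raw title'         => '5" monitors & stands',
);

foreach ( $cases as $label => $title ) {
    foreach ( array( 'early_title_attr', 'late_title_attr' ) as $fn ) {
        $value = $fn( $title );
        // A literal double quote would terminate a title="..." attribute.
        $state = ( false === strpos( $value, '"' ) ) ? 'safe' : 'BREAKS ATTRIBUTE';
        printf( "%-18s %-17s %s  [%s]\n", $label, $fn, $value, $state );
    }
}
```

The early pattern is only safe while every argument is pre-escaped; the late pattern gives the same output for pre-escaped input, without double-encoding, and stays safe when an argument is later swapped for a raw value.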

Attachments (2)

21756.diff (14.7 KB) - added by mfields 9 months ago.
Escape i18n attributes as late as possible in Twenty Ten and Twenty Eleven.
21756.2.diff (12.4 KB) - added by lancewillett 8 months ago.
Fixes extra echo in content-gallery.php

Change History (7)

Escape i18n attributes as late as possible in Twenty Ten and Twenty Eleven.

  • Milestone changed from Awaiting Review to 3.5

In [22197]:

Twenty Ten: escape i18n attributes as late as possible, fixes cases in loop.php -- props mfields. See #21756.

Ran into a small issue with the patch, for Twenty Eleven — there's an extra echo in content-gallery.php that throws an error.

Fixes extra echo in content-gallery.php

In [22199]:

Twenty Eleven: escape i18n attributes as late as possible, props mfields. See #21756.

  • Resolution set to fixed
  • Status changed from new to closed