WordPress.org

Make WordPress Core

Ticket #11040: 11040.diff

File 11040.diff, 903 bytes (added by scribu, 6 years ago)

Nest wp_strip_all_tags() in esc_attr() for page title

  • wp-includes/classes.php

     
    11871187 
    11881188                $css_class = implode(' ', apply_filters('page_css_class', $css_class, $page)); 
    11891189 
    1190                 $output .= $indent . '<li class="' . $css_class . '"><a href="' . get_page_link($page->ID) . '" title="' . esc_attr(apply_filters('the_title', $page->post_title)) . '">' . $link_before . apply_filters('the_title', $page->post_title) . $link_after . '</a>'; 
     1190                $output .= $indent . '<li class="' . $css_class . '"><a href="' . get_page_link($page->ID) . '" title="' . esc_attr(wp_strip_all_tags(apply_filters('the_title', $page->post_title))) . '">' . $link_before . apply_filters('the_title', $page->post_title) . $link_after . '</a>'; 
    11911191 
    11921192                if ( !empty($show_date) ) { 
    11931193                        if ( 'modified' == $show_date )