WordPress.org

Make WordPress Core

Ticket #43010: esc-attr-name.diff

File esc-attr-name.diff, 1.1 KB (added by joe_bopper, 2 years ago)
  • wp-includes/formatting.php

     
    39583958}
    39593959
    39603960/**
     3961 * Escaping for HTML attribute names.
     3962 *
     3963 * @since joe_bopper patch
     3964 *
     3965 * @param string $text
     3966 * @return string
     3967 */
     3968function esc_attr_name( $text ) {
     3969        $safe_text = wp_check_invalid_utf8( $text );
     3970        $safe_text = preg_replace( '/[\t\n\f \/>"\'=]+/', '_', $safe_text );
     3971        /**
     3972         * Filters a string cleaned and escaped for output as an HTML attribute name.
     3973         *
     3974         * Text passed to esc_attr_name() is stripped of invalid or special characters
     3975   * before output.
     3976         *
     3977         * @since joe_bopper patch
     3978         *
     3979         * @param string $safe_text The text after it has been escaped.
     3980         * @param string $text      The text prior to being escaped.
     3981         */
     3982        $safe_text = apply_filters( 'attribute_name_escape', $safe_text, $text );
     3983 
     3984  //Notably, an attribute name cannot be an empty string.
     3985  return $safe_text ? $safe_text : 'empty_string_supplied_as_attribute_name';
     3986}
     3987
     3988/**
    39613989 * Escaping for textarea values.
    39623990 *
    39633991 * @since 3.1.0