Make WordPress Core


Ignore:
Timestamp:
11/12/2009 02:37:28 AM (15 years ago)
Author:
markjaquith
Message:

Some extra XSS protection. Redundant, but we should always escape late! see #11119

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/press-this.php

    r12168 r12169  
    583583                        if ( $selection )
    584584                            _e('via ');
    585                         echo "<a href='$url'>$title</a>.</p>";
     585                        printf( "<a href='%s'>%s</a>.</p>", esc_url( $url ), esc_html( $title ) );
    586586                    }
    587587                ?></textarea>
Note: See TracChangeset for help on using the changeset viewer.