WordPress.org

Make WordPress Core


Ignore:
Timestamp:
05/16/2012 08:59:02 PM (9 years ago)
Author:
koopersmith
Message:

Theme Customizer: Properly escape customize settings when sending values to JS. Add WP_Customize_Setting->js_value(). fixes #20687, see #19910.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/class-wp-customize-setting.php

    r20783 r20809  
    232232
    233233    /**
     234     * Escape the parameter's value for use in JavaScript.
     235     *
     236     * @since 3.4.0
     237     *
     238     * @return mixed The requested escaped value.
     239     */
     240    public function js_value() {
     241        $value = $this->value();
     242
     243        if ( is_string( $value ) )
     244            return html_entity_decode( $value, ENT_QUOTES, 'UTF-8');
     245
     246        return $value;
     247    }
     248
     249    /**
    234250     * Check if the theme supports the setting and check user capabilities.
    235251     *
Note: See TracChangeset for help on using the changeset viewer.