Make WordPress Core


Timestamp:
03/09/2007 04:36:24 AM (18 years ago)
Author:
markjaquith
Message:

Sanitize browser-bound add_query_arg() outputs. fixes #3937

File:
1 edited

  • trunk/wp-includes/script-loader.php

    r4970 r5007  
    151151                    $src = 0 === strpos($this->scripts[$handle]->src, 'http://') ? $this->scripts[$handle]->src : get_option( 'siteurl' ) . $this->scripts[$handle]->src;
    152152                    $src = add_query_arg('ver', $ver, $src);
    153                     $src = apply_filters( 'script_loader_src', $src );
     153                    $src = attribute_escape(apply_filters( 'script_loader_src', $src ));
    154154                    echo "<script type='text/javascript' src='$src'></script>\n";
    155155                    $this->print_scripts_l10n( $handle );
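Review bot: The escaped value on new line 153 is written into a single-quoted attribute on line 154 (src='$src'), so the fix only holds if attribute_escape() encodes single quotes as well as double quotes and angle brackets. Please confirm that, or switch the echo to a double-quoted attribute so the escaping and the delimiter are obviously matched. Wrapping apply_filters() rather than add_query_arg() is the right order, since a 'script_loader_src' callback can return arbitrary text and escaping before the filter would leave that output unescaped. Note that attribute escaping only stops the value from breaking out of the attribute; it places no limit on the scheme or host a filter returns, so a URL-specific check on $src before the echo would be a reasonable follow-up. The commit message refers to add_query_arg() outputs in general, but this changeset touches one call site in script-loader.php; other browser-bound callers are not covered by what is shown here.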