Make WordPress Core

Changeset 51927


Ignore:
Timestamp:
10/22/2021 04:08:10 PM (2 years ago)
Author:
SergeyBiryukov
Message:

Coding Standards: Escape id attributes in WP_Customize_Control::render_content() and ::print_template().

Follow-up to [30014], [38906].

Props sabbirshouvo.
See #54295.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/class-wp-customize-control.php

    r51518 r51927  
    633633                    </button>
    634634                    <div class="new-content-item">
    635                         <label for="create-input-<?php echo $this->id; ?>"><span class="screen-reader-text"><?php _e( 'New page title' ); ?></span></label>
    636                         <input type="text" id="create-input-<?php echo $this->id; ?>" class="create-item-input" placeholder="<?php esc_attr_e( 'New page title&hellip;' ); ?>">
     635                        <label for="create-input-<?php echo esc_attr( $this->id ); ?>"><span class="screen-reader-text"><?php _e( 'New page title' ); ?></span></label>
     636                        <input type="text" id="create-input-<?php echo esc_attr( $this->id ); ?>" class="create-item-input" placeholder="<?php esc_attr_e( 'New page title&hellip;' ); ?>">
    637637                        <button type="button" class="button add-content"><?php _e( 'Add' ); ?></button>
    638638                    </div>
     
    676676    final public function print_template() {
    677677        ?>
    678         <script type="text/html" id="tmpl-customize-control-<?php echo $this->type; ?>-content">
     678        <script type="text/html" id="tmpl-customize-control-<?php echo esc_attr( $this->type ); ?>-content">
    679679            <?php $this->content_template(); ?>
    680680        </script>
Note: See TracChangeset for help on using the changeset viewer.