Make WordPress Core

Changeset 54526


Ignore:
Timestamp:
10/17/2022 11:24:08 AM (2 years ago)
Author:
audrasjb
Message:

Customize: Escape blogname option in underscores templates.

Props xknown, martinkrcho.

Location:
trunk/src/wp-includes
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/customize/class-wp-customize-header-image-control.php

    r53411 r54526  
    132132
    133133            <button type="button" class="choice thumbnail"
    134                 data-customize-image-value="{{{data.header.url}}}"
     134                data-customize-image-value="{{data.header.url}}"
    135135                data-customize-header-image-data="{{JSON.stringify(data.header)}}">
    136136                <span class="screen-reader-text"><?php _e( 'Set image' ); ?></span>
    137                 <img src="{{{data.header.thumbnail_url}}}" alt="{{{data.header.alt_text || data.header.description}}}" />
     137                <img src="{{data.header.thumbnail_url}}" alt="{{data.header.alt_text || data.header.description}}" />
    138138            </button>
    139139
     
    160160                <# } else { #>
    161161
    162             <img src="{{{data.header.thumbnail_url}}}" alt="{{{data.header.alt_text || data.header.description}}}" />
     162            <img src="{{data.header.thumbnail_url}}" alt="{{data.header.alt_text || data.header.description}}" />
    163163
    164164                <# } #>
  • trunk/src/wp-includes/customize/class-wp-customize-site-icon-control.php

    r50556 r54526  
    6969                                <img src="{{ data.attachment.sizes.full ? data.attachment.sizes.full.url : data.attachment.url }}" alt="<?php esc_attr_e( 'Preview as a browser icon' ); ?>" />
    7070                            </div>
    71                             <span class="browser-title" aria-hidden="true"><# print( '<?php bloginfo( 'name' ); ?>' ) #></span>
     71                            <span class="browser-title" aria-hidden="true"><# print( '<?php echo esc_js( get_bloginfo( 'name' ) ); ?>' ) #></span>
    7272                        </div>
    7373                        <img class="app-icon-preview" src="{{ data.attachment.sizes.full ? data.attachment.sizes.full.url : data.attachment.url }}" alt="<?php esc_attr_e( 'Preview as an app icon' ); ?>" />
  • trunk/src/wp-includes/media-template.php

    r54243 r54526  
    14981498                <img id="preview-favicon" src="{{ data.url }}" alt="<?php esc_attr_e( 'Preview as a browser icon' ); ?>" />
    14991499            </div>
    1500             <span class="browser-title" aria-hidden="true"><# print( '<?php bloginfo( 'name' ); ?>' ) #></span>
     1500            <span class="browser-title" aria-hidden="true"><# print( '<?php echo esc_js( get_bloginfo( 'name' ) ); ?>' ) #></span>
    15011501        </div>
    15021502
Note: See TracChangeset for help on using the changeset viewer.