Make WordPress Core

Changeset 54536


Ignore:
Timestamp:
10/17/2022 12:29:54 PM (2 years ago)
Author:
audrasjb
Message:

Customize: Escape blogname option in underscores templates.

Props xknown, martinkrcho.
Merges [54526] to the 6.0 branch.

Location:
branches/6.0
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • branches/6.0

  • branches/6.0/src/wp-includes/customize/class-wp-customize-header-image-control.php

    r48834 r54536  
    131131
    132132            <button type="button" class="choice thumbnail"
    133                 data-customize-image-value="{{{data.header.url}}}"
     133                data-customize-image-value="{{data.header.url}}"
    134134                data-customize-header-image-data="{{JSON.stringify(data.header)}}">
    135135                <span class="screen-reader-text"><?php _e( 'Set image' ); ?></span>
    136                 <img src="{{{data.header.thumbnail_url}}}" alt="{{{data.header.alt_text || data.header.description}}}" />
     136                <img src="{{data.header.thumbnail_url}}" alt="{{data.header.alt_text || data.header.description}}" />
    137137            </button>
    138138
     
    159159                <# } else { #>
    160160
    161             <img src="{{{data.header.thumbnail_url}}}" alt="{{{data.header.alt_text || data.header.description}}}" />
     161            <img src="{{data.header.thumbnail_url}}" alt="{{data.header.alt_text || data.header.description}}" />
    162162
    163163                <# } #>
  • branches/6.0/src/wp-includes/customize/class-wp-customize-site-icon-control.php

    r50556 r54536  
    6969                                <img src="{{ data.attachment.sizes.full ? data.attachment.sizes.full.url : data.attachment.url }}" alt="<?php esc_attr_e( 'Preview as a browser icon' ); ?>" />
    7070                            </div>
    71                             <span class="browser-title" aria-hidden="true"><# print( '<?php bloginfo( 'name' ); ?>' ) #></span>
     71                            <span class="browser-title" aria-hidden="true"><# print( '<?php echo esc_js( get_bloginfo( 'name' ) ); ?>' ) #></span>
    7272                        </div>
    7373                        <img class="app-icon-preview" src="{{ data.attachment.sizes.full ? data.attachment.sizes.full.url : data.attachment.url }}" alt="<?php esc_attr_e( 'Preview as an app icon' ); ?>" />
  • branches/6.0/src/wp-includes/media-template.php

    r52196 r54536  
    14941494                <img id="preview-favicon" src="{{ data.url }}" alt="<?php esc_attr_e( 'Preview as a browser icon' ); ?>" />
    14951495            </div>
    1496             <span class="browser-title" aria-hidden="true"><# print( '<?php bloginfo( 'name' ); ?>' ) #></span>
     1496            <span class="browser-title" aria-hidden="true"><# print( '<?php echo esc_js( get_bloginfo( 'name' ) ); ?>' ) #></span>
    14971497        </div>
    14981498
Note: See TracChangeset for help on using the changeset viewer.