Make WordPress Core

Opened 11 years ago

Closed 11 years ago

#13039 closed defect (bug) (fixed)

HTML validation broken when plugin adds a menu title such as "Foo & Bar"

Reported by: dd32 Owned by:
Milestone: 3.0 Priority: normal
Severity: normal Version: 3.0
Component: Administration Keywords:
Focuses: Cc:


HTML validation is currently broken when a plugin adds a menu title such as "Foo & Bar".

The & is not escaped in the menu output.

The options i came up with are:

  • HTML Escape the titles on output
    • Problem: Title may contain HTML (such as comments and plugin bubbles)
  • HTML Escape the titles upon adding them in add_menu_page()
    • Problem: Breaks any plugins adding HTML through it
  • wptexturize() the menu titles on output

The last seems to work correctly for me.

We've currently got "Authors & Users" hard coded in, this changes that simply to "Authors & Users" as well.

Change History (2)

#1 @dd32
11 years ago

Wrong ticket number on commit..

wordpress: dd32 * r14127 /trunk/wp-admin/ (includes/plugin.php menu.php menu-header.php): Escape/texturize Admin menu titles. Fixes page titles such as "Foo & Bar" not being entity encoded. Also includes some basic whitespace/standards cleanup to a related function. Fixes #12039

#2 @dd32
11 years ago

  • Resolution set to fixed
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.