#13419 closed defect (bug) (worksforme)
comment_excerpt does not use htmlspecialchars
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | |
| Component: | Comments | Keywords: | comment_excerpt |
| Focuses: | Cc: |
Description
As a result, I will have to always use
echo htmlspecialchar(get_comment_excerpt())
if I don't want my blog goes wrong as there could be quotes in the comment.
Change History (3)
Note: See
TracTickets for help on using
tickets.
You can add this single line into your theme's functions.php:
add_filter('comment_excerpt', 'esc_html');