Opened 14 years ago
Closed 11 years ago
#14361 closed defect (bug) (duplicate)
the_title does not escape HTML special characters properly
Reported by: | peaceablewhale | Owned by: | |
---|---|---|---|
Milestone: | | Priority: | normal |
Severity: | normal | Version: | 3.0 |
Component: | Themes | Keywords: | close |
Focuses: | template | Cc: | |
Description
The 'the_title' function does not escape HTML special characters properly, causing invalid HTML.
Test case: "<test>This is a test</test>"
Attachments (1)
Change History (11)
#1
14 years ago
- Keywords needs-patch 2nd-opinion added; has-patch removed
- Milestone changed from Awaiting Review to Future Release
#5
14 years ago
I think bloggers usually expect the system to display exactly what they have typed in the title. It is unfortunate that the behavior is considered intended...
Woah, that'd break quite a bit. HTML is allowed inside the title.
We need to be careful not to break valid HTML if we would ever try to account for escaping other characters that make up HTML.