Make WordPress Core

Opened 5 years ago

Last modified 18 months ago

#15659 new defect (bug)

Entity escaping needed for comments list table

Reported by: brettz95 Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version:
Component: Comments Keywords: has-patch
Focuses: administration Cc:


Perhaps only as a result of the fact that the URL will be truncated for display, it is possible that URLs will have entities in URLs such as & truncated, thereby creating a non-well-formed entity for application/xhtml+xml . The following patch fixes it (quotation escaping is not needed since this is element content).

This is an easy fix which I hope can be applied given that its lack breaks reviewing the important comments editing page. Thanks.

Attachments (3)

class-wp-comments-list-table.php.patch (661 bytes) - added by brettz95 5 years ago.
Simple patch to avoid non-well-formed XHTML
15659.preg.diff (717 bytes) - added by markjaquith 5 years ago.
15659.diff (691 bytes) - added by solarissmoke 4 years ago.

Download all attachments as: .zip

Change History (7)

@brettz955 years ago

Simple patch to avoid non-well-formed XHTML

comment:1 @scribu5 years ago

  • Component changed from General to Administration
  • Milestone changed from Awaiting Review to 3.1

We prefer using the esc_*() functions instead of htmlentities().

@markjaquith5 years ago

comment:2 @markjaquith5 years ago

  • Milestone changed from 3.1 to Future Release

If you have something like ← you could end up with &la which looks strange. Alternate approach to trim unterminated entities from the end.

Punting to future.

@solarissmoke4 years ago

comment:3 @solarissmoke4 years ago

  • Keywords has-patch added

Why not use wp_html_excerpt()?

comment:4 @jeremyfelt18 months ago

  • Component changed from Administration to Comments
  • Focuses administration added
Note: See TracTickets for help on using tickets.