Opened 13 years ago
Closed 13 years ago
#20106 closed defect (bug) (fixed)
Escape links in get_the_term_list function
Reported by: | alex-ye | Owned by: | ryan |
---|---|---|---|
Milestone: | 3.4 | Priority: | normal |
Severity: | normal | Version: | 3.3.1 |
Component: | Taxonomy | Keywords: | has-patch commit |
Focuses: | Cc: |
Description
When I was working in my new website , I create a copy function to get_the_term_list() just to escape the links in it , because there is no filters to do that and I was wondering WHY YOU ARE NOT ESCAPE THE LINKS ?
Attachments (2)
Change History (8)
#1
@
13 years ago
- Keywords has-patch added; needs-patch removed
Yup, should be escaping those links.
#3
in reply to:
↑ description
;
follow-up:
↓ 4
@
13 years ago
Replying to alex-ye:
I create a copy function to get_the_term_list() just to escape the links in it , because there is no filters to do that
Well, there is "term_links-$taxonomy"
, though I guess using it to escape the links would require preg_replace()
.
There are more unescaped links in wp-includes/category-template.php
. Not sure if all of them should be escaped, but most of them are returned by get_term_link()
as well, and it probably makes sense to be consistent. Made the patch just in case.
#4
in reply to:
↑ 3
@
13 years ago
Replying to SergeyBiryukov:
Well, there is
"term_links-$taxonomy"
, though I guess using it to escape the links would requirepreg_replace()
.
As you know using preg_replace() to do that it is not good to performance , If you know some cases that don't need to escape we can add a option ( Function Var ) .
add esc_url