Make WordPress Core

Opened 12 years ago

Closed 12 years ago

#20687 closed defect (bug) (fixed)

Theme Customizer: Site Title & Tagline Escaped Too Far

Reported by: viper007bond's profile Viper007Bond Owned by: koopersmith's profile koopersmith
Milestone: 3.4 Priority: normal
Severity: normal Version: 3.4
Component: Customize Keywords: needs-patch
Focuses: Cc:


Quotes, both single and double, in both the site title and tagline are escaped too far. Double quotes end up being " in the input field.

Change History (4)

#1 @Viper007Bond
12 years ago

Oh, this is because they are stored in the database escaped. Lame.

Last edited 12 years ago by Viper007Bond (previous) (diff)

#2 @Viper007Bond
12 years ago

  • Owner set to koopersmith
  • Status changed from new to assigned

Oh actually this is entirely a Javascript issue.

The <input>'s value is correct -- it's only escaped once. esc_attr() is rightly not double escaping it.

If you disable Javascript and then disable CSS (so you can see the collapsed input), then you can see it working correctly.

However when the Javascript pulls the value out of the HTML and fills the field in with it or whatever it does, it's not decoding HTML entities which causes the issue.

#3 @koopersmith
12 years ago

  • Component changed from Themes to Appearance

#4 @koopersmith
12 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In [20809]:

Theme Customizer: Properly escape customize settings when sending values to JS. Add WP_Customize_Setting->js_value(). fixes #20687, see #19910.

Note: See TracTickets for help on using tickets.