Make WordPress Core

Opened 9 years ago

Closed 9 years ago

#20687 closed defect (bug) (fixed)

Theme Customizer: Site Title & Tagline Escaped Too Far

Reported by: Viper007Bond Owned by: koopersmith
Milestone: 3.4 Priority: normal
Severity: normal Version: 3.4
Component: Customize Keywords: needs-patch
Focuses: Cc:


Quotes, both single and double, in both the site title and tagline are escaped too far. Double quotes end up being " in the input field.

Change History (4)

#1 @Viper007Bond
9 years ago

Oh, this is because they are stored in the database escaped. Lame.

Version 0, edited 9 years ago by Viper007Bond (next)

#2 @Viper007Bond
9 years ago

  • Owner set to koopersmith
  • Status changed from new to assigned

Oh actually this is entirely a Javascript issue.

The <input>'s value is correct -- it's only escaped once. esc_attr() is rightly not double escaping it.

If you disable Javascript and then disable CSS (so you can see the collapsed input), then you can see it working correctly.

However when the Javascript pulls the value out of the HTML and fills the field in with it or whatever it does, it's not decoding HTML entities which causes the issue.

#3 @koopersmith
9 years ago

  • Component changed from Themes to Appearance

#4 @koopersmith
9 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In [20809]:

Theme Customizer: Properly escape customize settings when sending values to JS. Add WP_Customize_Setting->js_value(). fixes #20687, see #19910.

Note: See TracTickets for help on using tickets.