id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc,focuses
21613,"format_to_edit runs esc_textarea if $richedit param is set to false, not true",vhauri,DrewAPicture,"Currently, the docs on format_to_edit() indicate that it runs the content through esc_textarea (which in turn runs htmlspecialchars() ) if the $richedit param is set to true. The code, however, runs the filter if the param is not set (or passed as false, see line 1270).

{{{
#!php
1255 /**
1256  * Acts on text which is about to be edited.
1257  *
1258  * The $content is run through esc_textarea(), which uses htmlspecialchars(
1259  * to convert special characters to HTML entities. If $richedit is set to t
1260  * it is simply a holder for the 'format_to_edit' filter.
1261  *
1262  * @since 0.71
1263  *
1264  * @param string $content The text about to be edited.
1265  * @param bool $richedit Whether the $content should not pass through htmls
1266  * @return string The text after the filter (and possibly htmlspecialchars(
1267  */
1268 function format_to_edit( $content, $richedit = false ) {
1269     $content = apply_filters( 'format_to_edit', $content );
1270     if ( ! $richedit )
1271         $content = esc_textarea( $content );
1272     return $content;
1273 }
1274
}}}

My thought is the if statement should evaluate whether $richedit is true, rather than false, and therefore apply the esc_textarea function only when explicitly passed as a param. This would, however, result in unexpected behavior for anyone currently passing only the default $content param and getting sanitized output.",enhancement,closed,normal,4.4,Formatting,,normal,fixed,,,