Opened 12 years ago
Closed 12 years ago
#21756 closed defect (bug) (fixed)
Escape i18n attributes as late as possible
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | 3.5 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Bundled Theme | Keywords: | has-patch |
Focuses: | Cc: |
Description
The following code is found in multiple places in both Twenty Ten and Twenty Eleven:
printf( esc_attr__( 'Permalink to %s', 'textdomain' ), the_title_attribute( 'echo=0' ) )
While the value of the_title_attribute()
is escaped before it is returned in this example, this code could be reworked to demonstrate the best practice of escaping as late as possible:
echo esc_attr( sprintf( __( 'Permalink to %s', 'textdomain' ), the_title_attribute( 'echo=0' ) ) )
Twenty Twelve is currently using code similar to the second example.
Attachments (2)
Change History (7)
Note: See
TracTickets for help on using
tickets.
Escape i18n attributes as late as possible in Twenty Ten and Twenty Eleven.