WordPress.org

Make WordPress Core

#21756 closed defect (bug) (fixed)

Escape i18n attributes as late as possible

Reported by: mfields
Owned by:
Milestone: 3.5
Priority: normal
Severity: normal
Version:
Component: Bundled Theme
Keywords: has-patch
Focuses:
Cc:

Description

The following code is found in multiple places in both Twenty Ten and Twenty Eleven:

printf( esc_attr__( 'Permalink to %s', 'textdomain' ), the_title_attribute( 'echo=0' ) )

While the value of the_title_attribute() is escaped before it is returned in this example, this code could be reworked to demonstrate the best practice of escaping as late as possible:

echo esc_attr( sprintf( __( 'Permalink to %s', 'textdomain' ), the_title_attribute( 'echo=0' ) ) )

Twenty Twelve is currently using code similar to the second example.

Attachments (2)

21756.diff (14.7 KB) - added by mfields 20 months ago.
Escape i18n attributes as late as possible in Twenty Ten and Twenty Eleven.
21756.2.diff (12.4 KB) - added by lancewillett 18 months ago.
Fixes extra echo in content-gallery.php
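
The difference between the two patterns in the description, as an added example that is not code from the ticket, the patches or WordPress itself. It runs without WordPress: demo_esc_attr() and demo_translate() are hypothetical stand-ins for esc_attr() and __(), and the title is a constructed sample value.

```php
<?php
// Hypothetical stand-ins so this runs without WordPress (not core code).
// Like esc_attr(), demo_esc_attr() encodes quotes and does not double-encode
// entities that are already present.
function demo_esc_attr( string $text ): string {
    return htmlspecialchars( $text, ENT_QUOTES, 'UTF-8', false );
}

// Constructed one-entry catalog standing in for __().
function demo_translate( string $text ): string {
    $catalog = array( 'Permalink to %s' => 'Permalink to %s' );
    return $catalog[ $text ] ?? $text;
}

// Pattern 1 from the description: escape the translated format string,
// then substitute the argument. Safe only if the argument is already escaped.
function title_attr_early( string $arg ): string {
    return sprintf( demo_esc_attr( demo_translate( 'Permalink to %s' ) ), $arg );
}

// Pattern 2: build the complete string first, escape once at output time.
function title_attr_late( string $arg ): string {
    return demo_esc_attr( sprintf( demo_translate( 'Permalink to %s' ), $arg ) );
}

// True when the value holds no raw quote or angle bracket, so it cannot
// terminate a double-quoted attribute or open a tag.
function is_attr_safe( string $value ): bool {
    return strpbrk( $value, '"<>' ) === false;
}

$raw_title = 'Notes on "quoting" & <em>markup</em>'; // constructed sample
$cases     = array(
    'pre-escaped' => demo_esc_attr( $raw_title ), // argument escaped by its producer
    'raw'         => $raw_title,                  // producer forgot to escape
);

foreach ( $cases as $label => $arg ) {
    foreach ( array( 'early' => 'title_attr_early', 'late' => 'title_attr_late' ) as $name => $fn ) {
        $value = $fn( $arg );
        printf( "%-11s %-5s safe=%-3s title=\"%s\"\n", $label, $name, is_attr_safe( $value ) ? 'yes' : 'no', $value );
    }
}
```

The early pattern is only as safe as each argument passed to it, while the late pattern produces the same escaped attribute whether or not the argument was escaped beforehand.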


Change History (7)

mfields 20 months ago

Escape i18n attributes as late as possible in Twenty Ten and Twenty Eleven.

comment:1 nacin 19 months ago

  • Milestone changed from Awaiting Review to 3.5

comment:2 lancewillett 18 months ago

In [22197]:

Twenty Ten: escape i18n attributes as late as possible, fixes cases in loop.php -- props mfields. See #21756.

comment:3 lancewillett 18 months ago

Ran into a small issue with the patch, for Twenty Eleven — there's an extra echo in content-gallery.php that throws an error.

lancewillett 18 months ago

Fixes extra echo in content-gallery.php

comment:4 lancewillett 18 months ago

In [22199]:

Twenty Eleven: escape i18n attributes as late as possible, props mfields. See #21756.

comment:5 lancewillett 18 months ago

  • Resolution set to fixed
  • Status changed from new to closed