WordPress.org

Make WordPress Core

Opened 8 years ago

Closed 8 years ago

#21756 closed defect (bug) (fixed)

Escape i18n attributes as late as possible

Reported by: mfields Owned by:
Milestone: 3.5 Priority: normal
Severity: normal Version:
Component: Bundled Theme Keywords: has-patch
Focuses: Cc:

Description

The following code is found in multiple places in both Twenty Ten and Twenty Eleven:

printf( esc_attr__( 'Permalink to %s', 'textdomain' ), the_title_attribute( 'echo=0' ) )

While the value of the_title_attribute() is escaped before it is returned in this example, this code could be reworked to demonstrate the best practice of escaping as late as possible:

echo esc_attr( sprintf( __( 'Permalink to %s', 'textdomain' ), the_title_attribute( 'echo=0' ) ) )

Twenty Twelve is currently using code similar to the second example.

Attachments (2)

21756.diff (14.7 KB) - added by mfields 8 years ago.
Escape i18n attributes as late as possible in Twenty Ten and Twenty Eleven.
21756.2.diff (12.4 KB) - added by lancewillett 8 years ago.
Fixes extra echo in content-gallery.php

Download all attachments as: .zip

Change History (7)

@mfields
8 years ago

Escape i18n attributes as late as possible in Twenty Ten and Twenty Eleven.

#1 @nacin
8 years ago

  • Milestone changed from Awaiting Review to 3.5

#2 @lancewillett
8 years ago

In [22197]:

Twenty Ten: escape i18n attributes as late as possible, fixes cases in loop.php -- props mfields. See #21756.

#3 @lancewillett
8 years ago

Ran into a small issue with the patch, for Twenty Eleven — there's an extra echo in content-gallery.php that throws an error.

@lancewillett
8 years ago

Fixes extra echo in content-gallery.php

#4 @lancewillett
8 years ago

In [22199]:

Twenty Eleven: escape i18n attributes as late as possible, props mfields. See #21756.

#5 @lancewillett
8 years ago

  • Resolution set to fixed
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.