Make WordPress Core

Opened 12 years ago

Closed 12 years ago

#23435 closed defect (bug) (fixed)

Bundled Themes: use .text() instead .html() for blogname and blogdescription in the Customizer.

Reported by: mfields's profile mfields Owned by: lancewillett's profile lancewillett
Milestone: 3.6 Priority: normal
Severity: normal Version:
Component: Bundled Theme Keywords: has-patch
Focuses: Cc:

Description

Twenty Eleven and Twenty Twelve use the jQuery method .html() in the wp.customize() callback for both blogname and blogdescription. Both of these fields are filtered through esc_html() berfore they are saved to the database. Use of .html() in the Customizer may lead to user confusion when HTML is entered in one of these fields. The HTML will work in the preview but will be rendered as entities after save. Using .text() instead of .html() will show an accurate preview their site for blogname and blogdescription.

Attachments (1)

23435.diff (1.4 KB) - added by mfields 12 years ago.

Download all attachments as: .zip

Change History (4)

@mfields
12 years ago

#1 @mfields
12 years ago

  • Keywords has-patch added

#2 @obenland
12 years ago

  • Milestone changed from Awaiting Review to 3.6

#3 @lancewillett
12 years ago

  • Owner set to lancewillett
  • Resolution set to fixed
  • Status changed from new to closed

In 23429:

Twenty Eleven and Twenty Twelve: use .text() instead of .html() for blogname and blogdescription in Theme Customizer JavaScript handlers. Fixes #23435, props mfields.

Note: See TracTickets for help on using tickets.