Opened 11 months ago
Closed 10 months ago
#24083 closed enhancement (fixed)
the_author_posts_link() not properly escaping HTML output
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | 3.6 | Priority: | normal |
| Severity: | normal | Version: | 3.5.1 |
| Component: | Template | Keywords: | |
| Focuses: | Cc: |
Description
I was running an HTML5 validator on one of the sites I manage and noticed that the_author_posts_link is not properly escaped.
For example,
<a href="http://www.chud.com/author/William Thomas-Berk/" title="Posts by William Thomas Berk" rel="author">William Thomas Berk</a>
Notice that the URI has a space in it that should be encoded as %20 before being output. As a result, there are a lot of HTML validation errors being shown as a result.
Change History (3)
comment:1
ocean90
— 11 months ago
- Component changed from General to Template
- Milestone changed from Awaiting Review to 3.6
- Severity changed from minor to normal
- Type changed from defect (bug) to enhancement
comment:2
SergeyBiryukov
— 11 months ago
Note that user_nicename field (which the function uses to construct the URL) is supposed to be a sanitized (URL-friendly) version of user_login. It should not contain spaces.
comment:3
aaroncampbell
— 10 months ago
- Resolution set to fixed
- Status changed from new to closed
I agree that user_nicename is expected to be URL friendly. Now that we run the URL through usc_url(), I think we should consider this fixed.
Note: See
TracTickets for help on using
tickets.
Fixed in [23528].