Opened 12 years ago
Closed 11 years ago
#24738 closed defect (bug) (wontfix)
id attributes populated by comment_ID() are not escaped
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 1.5 |
Component: | Comments | Keywords: | has-patch |
Focuses: | Cc: |
Description
The core comment templates use comment_ID()
to help populate some id
attributes. comment_ID()
is filterable, and should be escaped.
Attachments (2)
Change History (10)
Note: See
TracTickets for help on using
tickets.
If I had my way, get_comment_ID() wouldn't have a filter. (get_the_ID() doesn't have one either.) That said, it returns an integer. So we can/should either cast to an integer inside get_comment_ID(), or just assume that plugin authors won't return something other than an integer.