#24775 closed task (blessed) (fixed)
Revisions: Make sure our templating is properly escaped
Reported by: | | Owned by: | |
---|---|---|---|
Milestone: | 3.6 | Priority: | normal |
Severity: | normal | Version: | 3.6 |
Component: | Security | Keywords: | |
Focuses: | | Cc: | |
Description
Needs a review to make sure we're using the escaped versions of our JS templating where appropriate.
Attachments (2)
Change History (8)
#2 (follow-up: ↓ 5), 12 years ago
I think {{{ to {{ for restoreUrl requires us to undo & => &amp; that is done by wp_nonce_url()? I can't tell if it just accidentally works, or if {{ deliberately doesn't re-escape &
#3, 12 years ago
- Owner set to markjaquith
- Resolution set to fixed
- Status changed from new to closed
In 24729:
#5 (in reply to: ↑ 2), 12 years ago
Replying to nacin:
I think {{{ to {{ for restoreUrl requires us to undo & => &amp; that is done by wp_nonce_url()? I can't tell if it just accidentally works, or if {{ deliberately doesn't re-escape &
Looks like {{ should reescape everything, based on the source.
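The double-escaping question raised in comments 2 and 5, as an added example that is not part of the ticket or of WordPress's own code. It uses a simplified stand-in renderer (not wp.template() itself) that assumes {{{ }}} inserts a value raw and {{ }} escapes every &, and the URL and name values are constructed.

```javascript
// Added example: simplified stand-in renderer, not wp.template() itself.
// Assumption: {{{ data.x }}} inserts the value raw, {{ data.x }} HTML-escapes it.
const ESCAPE = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
const UNESCAPE = { amp: '&', lt: '<', gt: '>', quot: '"', '#x27': "'" };

// Escapes every "&", including one that already begins an entity.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPE[ch]);
}

// One pass over the template so inserted values are never re-scanned.
function render(template, data) {
  const tag = /\{\{\{\s*data\.(\w+)\s*\}\}\}|\{\{\s*data\.(\w+)\s*\}\}/g;
  return template.replace(tag, (match, rawKey, escKey) =>
    rawKey !== undefined ? String(data[rawKey]) : escapeHtml(data[escKey]));
}

// Models the single round of entity decoding an HTML parser applies to an attribute.
function hrefSeenByBrowser(html) {
  const m = /href="([^"]*)"/.exec(html);
  return m === null ? null : m[1].replace(/&(amp|lt|gt|quot|#x27);/g, (e, name) => UNESCAPE[name]);
}

// Constructed sample values.
const rawUrl = 'example.php?action=restore&revision=42&_wpnonce=0123abcd';
const preEscapedUrl = escapeHtml(rawUrl); // server side already turned & into &amp;
const RAW_TPL = '<a href="{{{ data.restoreUrl }}}">Restore</a>';
const ESC_TPL = '<a href="{{ data.restoreUrl }}">Restore</a>';

function compare() {
  return {
    // Raw slot + pre-escaped value: one decode gives back the intended URL.
    rawTplPreEscaped: hrefSeenByBrowser(render(RAW_TPL, { restoreUrl: preEscapedUrl })),
    // Escaped slot + pre-escaped value: the href still contains a literal "&amp;".
    escTplPreEscaped: hrefSeenByBrowser(render(ESC_TPL, { restoreUrl: preEscapedUrl })),
    // Escaped slot + unescaped value: escaped exactly once, URL intact.
    escTplRawValue: hrefSeenByBrowser(render(ESC_TPL, { restoreUrl: rawUrl })),
    // Markup-bearing value: only the escaped slot keeps it inert.
    rawTplMarkup: render('<span>{{{ data.name }}}</span>', { name: 'a <b> & "c"' }),
    escTplMarkup: render('<span>{{ data.name }}</span>', { name: 'a <b> & "c"' }),
  };
}

console.log(compare());
```

Switching a slot from {{{ to {{ is only safe for a value that reaches the template unescaped; a value that was already HTML-escaped upstream has to be passed in raw form or it is escaped twice.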
First pass.