Opened 12 years ago
Closed 12 years ago
#25322 closed defect (bug) (fixed)
Escape title in HTML5 search form field
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | 3.7 | Priority: | normal |
| Severity: | normal | Version: | 3.6 |
| Component: | Template | Keywords: | has-patch commit |
| Focuses: | Cc: |
Description
The title attribute in the search input of the HTML5 search form is not escaped. Not sure if a title is necessary there in the first place, but it should be properly escaped if it is.
Attachments (4)
Change History (13)
#2
follow-up:
↓ 3
@
12 years ago
- Resolution set to fixed
- Status changed from new to closed
This seems to be fixed in trunk, closing.
#3
in reply to:
↑ 2
@
12 years ago
- Resolution fixed deleted
- Status changed from closed to reopened
Replying to joostdevalk:
This seems to be fixed in trunk, closing.
I don't think it is: http://core.trac.wordpress.org/browser/trunk/src/wp-includes/general-template.php#L175
#4
@
12 years ago
- Keywords commit added
Ah so the patch was in fact out of date :) Just updated it. Seems ready for commit to me.
#5
@
12 years ago
Updated the patch by joostdevalk to use the correct function (esc_attr_x) - probably just a typo
Note: See
TracTickets for help on using
tickets.
You're right. I don't see a reason why this shouldn't be commited.