Opened 9 years ago
Closed 9 years ago
#27641 closed defect (bug) (fixed)
Theme Install screen displays encoded entities
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | 3.9 | Priority: | normal |
| Severity: | normal | Version: | 3.9 |
| Component: | Themes | Keywords: | 2nd-opinion has-patch |
| Focuses: | ui | Cc: | |
Description
The theme description (that's displayed in the left hand panel when you view a theme's details) on the theme install screen is output in the template using {{ double curly braces }} which encodes the output instead of outputting it as HTML.
The result is that ampersands show up as &amp; instead of &. You can see this in action if you view details of "Alexandria" in the "Featured" tab.
Is it safe to use {{{ triple braces }}} instead? It should be, but could do with a second opinion as I'm not sure how much sanitising is done in the theme repo.
Attachments (1)
Change History (4)
Hmm. Anything coming back from WordPress.org should be considered safe, but I do not really want to treat it as safe.
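The trade-off raised in this ticket, as an added example that is not part of the ticket or of WordPress code: a simplified renderer showing why escaped output double-encodes an already-encoded description, what raw output would trust, and a middle path that decodes entities to text and still escapes on output. The `render` function, the `entitiesToText` helper and both sample strings are assumptions constructed for illustration.

```javascript
// Simplified stand-in for the two interpolation forms discussed in the ticket
// (assumption: {{{ x }}} inserts raw, {{ x }} HTML-escapes). Not WordPress code.
const ESC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const escapeHtml = (s) => String(s).replace(/[&<>"']/g, (c) => ESC[c]);

function render(tpl, data) {
  // One pass, so raw-inserted text is never re-scanned for template tags.
  return tpl.replace(/\{\{\{\s*(\w+)\s*\}\}\}|\{\{\s*(\w+)\s*\}\}/g,
    (m, raw, esc) => (raw !== undefined ? String(data[raw]) : escapeHtml(data[esc])));
}

// Hypothetical helper: turn the basic entities back into plain text in a
// single pass (so "&amp;lt;" becomes the text "&lt;", not "<"). The result is
// text, not markup, and must still go through {{ }} on output.
const DEC = { amp: '&', lt: '<', gt: '>', quot: '"', '#39': "'", '#039': "'" };
const entitiesToText = (s) =>
  String(s).replace(/&(amp|lt|gt|quot|#0?39);/g, (m, name) => DEC[name]);

// Constructed sample values, not real theme data.
const encoded = 'Fast &amp; clean';              // already entity-encoded upstream
const hostile = '<img src=x onerror=alert(1)>';  // what raw output would trust

function demo() {
  return {
    doubleEncoded:  render('<p>{{ d }}</p>', { d: encoded }),    // the reported bug
    rawOk:          render('<p>{{{ d }}}</p>', { d: encoded }),  // fixes the display
    rawHostile:     render('<p>{{{ d }}}</p>', { d: hostile }),  // but markup goes live
    decodedOk:      render('<p>{{ d }}</p>', { d: entitiesToText(encoded) }),
    decodedHostile: render('<p>{{ d }}</p>', { d: entitiesToText(hostile) }),
  };
}

console.log(demo());
```

The decode-then-escape path displays the ampersand correctly and keeps any markup inert, at the cost of dropping HTML formatting from the description.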