#30651 closed enhancement (fixed)
Twenty Fifteen: esc_html_e() for "Published by" string in author-bio.php
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | 4.1 | Priority: | normal |
| Severity: | normal | Version: | 4.1 |
| Component: | Bundled Theme | Keywords: | has-patch |
| Focuses: | | Cc: | |
Description
Currently _e is used for the string but I believe it's better to use esc_html_e() instead.
Attachments (1)
Change History (5)
#1
@
11 years ago
- Owner set to iandstewart
- Resolution set to fixed
- Status changed from new to closed
#2
@
11 years ago
_e() is proper here. I'm working on a security audit of Twenty Fifteen so I'll revert this sometime in RC.
#3
@
11 years ago
Is there clear guidance anywhere for theme developers on when to use escaping?
I follow the development of _s and the default WP themes to make my themes better, and recently escaping was promoted in Twenty Fifteen and _s. Now that I have applied those changes to my theme, I will have to revert them :-/
Is there any harm in having escaping in place?
In 30805: