#30651 closed enhancement (fixed)
Twenty Fifteen: esc_html_e() for "Published by" string in author-bio.php
Reported by: | iamtakashi | Owned by: | iandstewart |
---|---|---|---|
Milestone: | 4.1 | Priority: | normal |
Severity: | normal | Version: | 4.1 |
Component: | Bundled Theme | Keywords: | has-patch |
Focuses: | Cc: |
Description
Currently _e is used for the string but I believe it's better to use esc_html_e() instead.
Attachments (1)
Change History (5)
#1
@
10 years ago
- Owner set to iandstewart
- Resolution set to fixed
- Status changed from new to closed
#2
@
10 years ago
_e() is proper here. I'm working on a security audit of Twenty Fifteen so I'll revert this sometime in RC.
#3
@
10 years ago
Is there anywhere a clear guidance for the theme developers on when to use escaping?
I follow the development of _s and default WP themes to make my themes better and recently in Twenty Fifteen and _s there was escaping promoted. Now, when I applied those changes to my theme I will have to revert :-/
Is there any harm for having escaping in place?
In 30805: