Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#37594 closed defect (bug) (fixed)

Quick Draft dashboard widget toggle button contains escaped HTML

Reported by: afercia
Owned by: SergeyBiryukov
Milestone: 4.6
Priority: normal
Severity: normal
Version: 4.6
Component: Administration
Keywords: has-screenshots has-patch commit dev-reviewed
Focuses:
Cc:

Description

Introduced in [37972]

The Quick Draft dashboard widget title contains some HTML, a couple of <span> elements to show a different title depending on whether JavaScript is on or off. In fact, when JS is off, the widget hides the "quick press" form, shows the current user's recent drafts and the title becomes "Drafts".

The same title string is also used for the "toggle" arrow and, as far as I see, in WordPress 4.5 it is not escaped but it is on trunk. The result is an escaped HTML string in the button screen-reader-text:

https://cldup.com/4jpm16bGv4.png

Screen readers will read out the text as "less than span class..." etc.

Also, please notice the same string is not escaped when used for the widget <h2> heading and for the checkbox label in the Screen Options.

Maybe the best option would be refactoring the HTML in order to have 2 separate strings, but WordPress 4.6 is now Release Candidate so it's strings freeze time. The only other solution I can think of is removing the escaping ...

Attachments (1)

37594.patch (649 bytes) - added by ocean90 3 years ago.

Change History (8)

#1 @afercia
3 years ago

Aside: when JS is off, instead of "Drafts", maybe a better title would be "Your Recent Drafts" since it is actually displaying just the current user's drafts.

#2 @ocean90
3 years ago

  • Keywords has-patch commit added; needs-patch removed

With 37594.patch screen readers will read "Toggle Panel: Quick Draft, expanded, button".

This ticket was mentioned in Slack in #core by ocean90.

#4 @ocean90
3 years ago

  • Owner set to SergeyBiryukov
  • Status changed from new to reviewing

#5 @SergeyBiryukov
3 years ago

  • Keywords dev-reviewed added

37594.patch looks good.

#6 @ocean90
3 years ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 38225:

Dashboard: Don't escape widget titles in screen reader text.

Introduced in [37972]. The title for the Quick Draft widget contains HTML to provide a JS/no-JS version.

Props SergeyBiryukov for review.
See #37595.
Fixes #37594.

#7 @ocean90
3 years ago

In 38226:

Dashboard: Don't escape widget titles in screen reader text.

Introduced in [37972]. The title for the Quick Draft widget contains HTML to provide a JS/no-JS version.

Merge of [38225] to the 4.6 branch.

Props SergeyBiryukov for review.
See #37595.
See #37594.
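
An added illustration, not part of the ticket, the attached patch or WordPress core: it shows what the toggle button's text becomes when the title is escaped and when it is not, plus a third option that keeps only the two wrapper spans and escapes everything else. The `hide-if-js` / `hide-if-no-js` sample markup, the `htmlspecialchars()` stand-in for `esc_html()`, and the helper names `escape_text`, `allowlist_title` and `text_content` are assumptions made for this example.

```php
<?php
// Constructed sample: the Quick Draft title markup described in the ticket.
$quick_draft = '<span class="hide-if-no-js">Quick Draft</span> <span class="hide-if-js">Drafts</span>';
// Constructed sample: a title carrying markup outside the two known wrappers.
$other = 'Sales <b>2016</b></span>';

// Stand-in for WordPress's esc_html(); plain PHP so the file runs on its own.
function escape_text( string $s ): string {
    return htmlspecialchars( $s, ENT_QUOTES, 'UTF-8' );
}

// Hypothetical helper: keep only the two wrapper spans, escape everything else,
// and keep the spans balanced so the surrounding button markup is not closed early.
function allowlist_title( string $title ): string {
    $pattern = '#(<span class="(?:hide-if-js|hide-if-no-js)">|</span>)#';
    // Odd indexes of the result are the captured tags, even indexes are text.
    $parts = preg_split( $pattern, $title, -1, PREG_SPLIT_DELIM_CAPTURE );
    $out   = '';
    $open  = 0;
    foreach ( $parts as $i => $part ) {
        $is_tag = ( 1 === $i % 2 );
        if ( $is_tag && '</span>' !== $part ) {
            $open++;
            $out .= $part;
        } elseif ( $is_tag && $open > 0 ) {
            $open--;
            $out .= $part;
        } else {
            $out .= escape_text( $part ); // text, or a stray closing tag
        }
    }
    return $out . str_repeat( '</span>', $open );
}

// Text exposed to assistive technology, before CSS hides either span.
function text_content( string $html ): string {
    return html_entity_decode( strip_tags( $html ), ENT_QUOTES, 'UTF-8' );
}

$label = 'Toggle Panel: %s'; // wording taken from comment #2
$modes = array(
    'escaped'     => escape_text( $quick_draft ),
    'unescaped'   => $quick_draft,
    'allowlisted' => allowlist_title( $quick_draft ),
);
foreach ( $modes as $mode => $title ) {
    echo str_pad( $mode, 12 ), text_content( sprintf( $label, $title ) ), "\n";
}
echo allowlist_title( $other ), "\n";
```

The escaped row reproduces the literal markup a screen reader announces, while the unescaped and allowlisted rows contain only the title words; the last line shows markup outside the two wrappers coming out as text.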
