Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #39941, comment 48


Timestamp: 10/07/2020 11:44:03 AM (5 years ago)
Author: enricocarraro
  • Ticket #39941, comment 48

    initial v1  
    1 Currently [https://github.com/WordPress/wordpress-develop/blob/b846378649ac2d3a1c8dc81a8901ca4a4d926006/src/wp-includes/functions.php#L7637-L7674 the function] responsible sanitizing script attributes does not escape attribute names, but only attribute values.
    2 Do you think it would be necessary to escape also attribute names?
     1Currently [https://github.com/WordPress/wordpress-develop/blob/b846378649ac2d3a1c8dc81a8901ca4a4d926006/src/wp-includes/functions.php#L7637-L7674 the function] responsible sanitizing script attributes does not sanitize attribute names, but it escapes attribute values.
     2Do you think it would be necessary to sanitize attribute names?