Opened 9 years ago
Closed 9 years ago
#40216 closed defect (bug) (fixed)
Twenty Seventeen: Some parts do not escape html attributes
| Reported by: | bor0 | Owned by: | SergeyBiryukov |
|---|---|---|---|
| Priority: | normal | Milestone: | 4.7.4 |
| Component: | Bundled Theme | Version: | 4.7 |
| Severity: | normal | Keywords: | has-patch fixed-major |
| Cc: | Focuses: |
Description
There are appearances like:
https://core.trac.wordpress.org/browser/trunk/src/wp-content/themes/twentyseventeen/footer.php#L25
https://core.trac.wordpress.org/browser/trunk/src/wp-content/themes/twentyseventeen/template-parts/navigation/navigation-top.php#L12
_e() in these cases should actually be esc_attr_e() to ensure the translated string gets escaped for an HTML attribute context, because the translated string from another language could potentially have a character that would need to be escaped.
Attachments (1)
Change History (7)
#2
@
9 years ago
- Component Security → Bundled Theme
- Milestone Awaiting Review → 4.8
- Summary Some parts of Twentyseventeen do not esc html attr → Twenty Seventeen: Some parts do not escape html attributes
Note:
See TracTickets
for help on using tickets.
![(please configure the [header_logo] section in trac.ini)](/chrome/site/your_project_logo.png)
Here are future-proof links to the lines in question:
( linking to
trunkis problematic, because those line numbers will invariably change in the future, and anyone who wants to look at the links will have to spend extra time to find the original ones )