WordPress.org

Make WordPress Core

Opened 3 years ago

Closed 12 days ago

Last modified 11 days ago

#40606 closed defect (bug) (invalid)

wp_filter_nohtml_kses escaping single quotes even when no HTML tags are being used in the string

Reported by: samuelaguilera Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.7.4
Component: Formatting Keywords:
Focuses: docs Cc:

Description

According to Codex wp_filter_nohtml_kses( $data ) should only strip all of the HTML in the content. But it also escapes single quotes in plain text.

Example:

<?php
        $filtered_string = wp_filter_nohtml_kses(  "You're not allowed to do this!" );
        echo $filtered_string;

The above will output:

You\'re not allowed to do this!

Change History (3)

This ticket was mentioned in Slack in #core by noisysocks. View the logs.


12 days ago

#2 @dd32
12 days ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Hey @samuelaguilera, I apologise for this ticket not receiving any feedback in quite some time.

The wp_filter_nohtml_kses function is designed to act on a filter which accepts, and returns, slashed data.

The correct way to call the function in this case would therefor be wp_filter_nohtml_kses( "You\'re not allowed to do this!" ); and get the same result back.

For reference for others, the correct function to call in this case would be wp_kses( "You're not allowed to do this!", "strip" );.

I'm marking this as invalid based on the above, if anyone wants to suggest some documentation changes for this, upload a patch and re-open the ticket please :)

#3 @SergeyBiryukov
11 days ago

  • Component changed from General to Formatting
  • Focuses docs added
Note: See TracTickets for help on using tickets.