#44916 closed defect (bug) (wontfix)
Add escape in walker nav menu title
Reported by: | anonymized_13528887 | Owned by: | welcher |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Menus | Keywords: | has-patch needs-unit-tests close |
Focuses: | Cc: |
Description
Escape walker nav menu title after applying filter
Attachments (2)
Change History (9)
#1
@
6 years ago
- Keywords 2nd-opinion added
- Summary changed from Escape walker nav menu title to Add escape in walker nav menu title
#3
@
6 years ago
- Keywords needs-unit-tests added; 2nd-opinion removed
- Owner set to welcher
- Status changed from new to assigned
@harshall I've updated the patch against latest trunk and modified it to use late escaping as well.
It can probably do with some unit tests.
#5
@
6 years ago
- Keywords close added
- Milestone changed from 5.2.2 to Awaiting Review
Historically, HTML is allowed in titles, see discussions in #4789, #14361, #22436.
Markup is allowed in post titles and it gets sanitized by KSES, meaning users without the unfiltered_html
capability are limited to tags such as <strong>
, <em>
, and a few others.
If we do decide to reconsider this, there are multiple places where titles are not escaped, but at least Walker_Page
should be updated for consistency.
Note: See
TracTickets for help on using
tickets.
Hi @harshall, welcome to WordPress Trac! Thanks for the ticket.
i have check other instance of menu title but escape is not added in menu title.