WordPress.org

Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #49190, comment 2


Ignore:
Timestamp:
01/16/2020 09:48:04 PM (9 months ago)
Author:
kjellr
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #49190, comment 2

    initial v1  
    11> It shouldn't be using esc_html() on the title, because titles can contain markup, so you've identified a bug in the comment.php.
    22
    3 Makes sense! Would `wp_kses_post()` be a suitable replacement in these cases? It seems like we wouldn't want to eliminate those `em` or `bold` tags entirely, and something like `strip_tags()` or `esc_attr()` would do that.
     3Makes sense! Would `wp_kses_post()` be a suitable replacement in these cases? It seems like we wouldn't want to eliminate those `em` or `bold` tags entirely, and something like `strip_tags()` or `esc_attr()` would do that. But on the other hand, there are probably a number of HTML tags that are allowed in posts that wouldn't make sense to display in a post title. 😕