Changes between Initial Version and Version 1 of Ticket #49190, comment 4
Timestamp: 01/17/2020 01:21:07 AM (6 years ago)
Ticket #49190, comment 4
> WordPress core runs KSES on the post's title as it's saved so the content in the database is considered safe. Therefore there is no need to run wp_kses_post() on title. It's the same process that makes escaping the_content() unnecessary.

initial: That was my initial assumption, before seeing that suggestion in `_s`. There's some conflicting information on the code reference page that should be clarified:
v1: That was my initial assumption, before seeing the linked suggestion in `_s` repository. There's some conflicting information on the code reference page that should be clarified:

https://developer.wordpress.org/reference/functions/get_the_title/#comment-2150
…
https://css-tricks.com/introduction-to-wordpress-front-end-security-escaping-the-things/

initial: In any case, if `get_the_title()` does not need to be escaped, [attachment:"49190.diff"] should correct the use of `esc_html()`.
v1: In any case, if `get_the_title()` does not need to be escaped, [attachment:"49190.diff"] should correct the use of `esc_html()` in Twenty Twenty.