WordPress.org

Make WordPress Core

Opened 7 weeks ago

Closed 5 weeks ago

#53851 closed defect (bug) (duplicate)

HTML entities show in dashboard 'Events and News' widget

Reported by: alanjacobmathew Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.8
Component: Widgets Keywords: has-patch needs-testing
Focuses: ui, accessibility, administration Cc:

Description

HTML Code inside 'Events and News' widget in the dashboard stays as HTML itself and doesn't get converted on the frontend.
https://i.imgur.com/TGWLK7k.png

No plugins installed. Twenty Twenty Theme. v 5.8

Attachments (1)

53851.diff (629 bytes) - added by sabernhardt 6 weeks ago.
removing HTML escape from event.title

Download all attachments as: .zip

Change History (7)

@sabernhardt
6 weeks ago

removing HTML escape from event.title

#1 @sabernhardt
6 weeks ago

  • Component changed from General to Widgets
  • Focuses administration added
  • Keywords has-patch needs-testing added
  • Summary changed from HTML code stays as HTML itself and not getting converted to text on dashboard page to HTML entities show in dashboard 'Events and News' widget

Thanks for the report!

Adding an extra curly brace can keep the event title (and perhaps other information) un-encoded.

Last edited 6 weeks ago by sabernhardt (previous) (diff)

This ticket was mentioned in Slack in #accessibility by ryokuhi. View the logs.


6 weeks ago

#3 @ryokuhi
6 weeks ago

  • Milestone changed from Awaiting Review to 5.9
  • Version set to 4.8

The ticket was reviewed during today's Accessibility Team's bug-scrub.
The patch is very small, milestoning for 5.9.

#4 @Hareesh Pillai
5 weeks ago

Tested the patch, and it works as expected.

Should we also make the same change for the event city that appears in the next line?

#5 @whyisjake
5 weeks ago

I feel like @iandunn did some similar work around this a little while ago. I think we should keep escaping the output as we can't trust an external API (even tho WordPress controls it).

#6 @iandunn
5 weeks ago

  • Milestone 5.9 deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Yeah, I think this is a duplicate of #41208. I agree w/ Jake about keeping the escaping, but ticket:41208#comment:2 might work.

I'll go ahead and close this, and we can continue discussion there. Feel free to re-open if I missed something and this is unique, though.

Note: See TracTickets for help on using tickets.