#54295 closed enhancement (fixed)
Unnecessarily escaped values in various customizer control in wp-includes/cusstomizer
Reported by: | sabbirshouvo | Owned by: | |
---|---|---|---|
Milestone: | 5.9 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Customize | Keywords: | has-patch |
Focuses: | coding-standards | Cc: |
Description
In most cases data.description
is not needed to escape but escaped in multiple controls. Also in wp-includes/class-wp-customize-control.php
some labels and ids are not properly escaped.
Attachments (1)
Change History (6)
This ticket was mentioned in Slack in #core by sergey. View the logs.
3 years ago
#4
@
3 years ago
- Resolution set to fixed
- Status changed from assigned to closed
Closing as the patch is committed and will ship in 5.9.
#5
@
3 years ago
Just noting that only the first part of the patch was committed, which adds some missing esc_attr()
calls.
I did not touch the (presumably) unnecessarily escaped values, as that required more investigation and I don't see any harm in leaving them as is for now. If anyone thinks that part should be addressed as well, feel free to reopen.
Note: See
TracTickets for help on using
tickets.
In 51927: