#58252 closed defect (bug) (duplicate)
Escaping issue found while echoing attribute's dynamic value in html attribute.
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | 6.2 |
| Component: | Administration | Keywords: | |
| Focuses: | coding-standards | Cc: |
Description
In wp-includes/class-wp-admin-bar.php file, I've found that the there is an escaping issue while echoing attribute's dynamic value in html attribute (like class). The issue is found at line 458 of that file. I think it should be escaped.
I've seen the attribute's dynamic value were escaped in the other lines of that file. Link mentioned below:
https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-includes/class-wp-admin-bar.php#L487
https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-includes/class-wp-admin-bar.php#L514
Change History (2)
Note: See
TracTickets for help on using
tickets.
Duplicate of #58251.
This ticket is duplicate of https://core.trac.wordpress.org/ticket/58251