Make WordPress Core

Opened 17 months ago

Closed 2 weeks ago

#58900 closed defect (bug) (wontfix)

Escaping: Output String did not run through a proper escaping function

Reported by: armondal
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 3.4
Component: Security
Keywords: has-patch close
Focuses: coding-standards
Cc:

Description

In class-wp-customize-control.php on line 642 'New page title' did not run through any escaping function. I think esc_html_e() should be applied.

Change History (3)

This ticket was mentioned in PR #4898 on WordPress/wordpress-develop by @armondal.


17 months ago
#1

  • Keywords has-patch added

Applying proper escaping function to the output strings

Trac ticket:

#2 @SergeyBiryukov
12 months ago

  • Keywords close added

Hi there, welcome back to WordPress Trac! Thanks for the ticket.

Core translations are considered safe because we have a review process for them, see #42639 and the discussion in #30724. (Also related: #32233, #44637.)

In WordPress core and older bundled themes, strings are generally only escaped in attributes or in <option> tags.

#3 @johnbillion
2 weeks ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

Closing as per the above. Cheers!
