Opened 17 months ago
Closed 2 weeks ago
#58900 closed defect (bug) (wontfix)
Escaping: Output String did not run through a proper escaping function
Reported by: | armondal | Owned by: | |
---|---|---|---|
Milestone: | | Priority: | normal |
Severity: | normal | Version: | 3.4 |
Component: | Security | Keywords: | has-patch close |
Focuses: | coding-standards | Cc: | |
Description
In class-wp-customize-control.php on line 642 'New page title' did not run through any escaping function. I think esc_html_e() should be applied.
Change History (3)
This ticket was mentioned in PR #4898 on WordPress/wordpress-develop by @armondal.
17 months ago
#1
- Keywords has-patch added
#2
@
12 months ago
- Keywords close added
Hi there, welcome back to WordPress Trac! Thanks for the ticket.
Core translations are considered safe because we have a review process for them, see #42639 and the discussion in #30724. (Also related: #32233, #44637.)
In WordPress core and older bundled themes, strings are generally only escaped in attributes or in <option> tags.
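The convention stated in the comment above (translated core strings are escaped in attributes and `<option>` tags, but not in plain element text) can be expressed as a small source check. This is an added example, not WordPress or Trac code; the regex heuristics, the function names `html_context` and `audit`, and the sample markup are assumptions constructed for illustration.

```python
import re

# Unescaped translated output: `<?php _e( ... )` or `<?php echo __( ... )`.
# esc_html_e(), esc_attr_e() and friends do not match this pattern.
UNESCAPED = re.compile(r"<\?php\s+(?:_e|echo\s+__)\s*\(")
PHP_BLOCK = re.compile(r"<\?php.*?\?>", re.S)


def html_context(template, pos):
    """Classify the HTML context at offset pos as 'attribute', 'option' or 'text'."""
    # Blank out earlier PHP blocks so their quotes and brackets are not read as HTML.
    html = PHP_BLOCK.sub(lambda m: " " * len(m.group()), template[:pos]).lower()
    if html.rfind("<") > html.rfind(">"):
        return "attribute"  # still inside an open tag, i.e. in an attribute value
    if html.rfind("<option") > html.rfind("</option"):
        return "option"
    return "text"


def audit(template):
    """Return (line, context, flagged) for every unescaped translation call."""
    findings = []
    for m in UNESCAPED.finditer(template):
        ctx = html_context(template, m.start())
        line = template.count("\n", 0, m.start()) + 1
        # Only attribute and <option> contexts are flagged under the stated convention.
        findings.append((line, ctx, ctx in ("attribute", "option")))
    return findings


# Constructed sample markup, not copied from class-wp-customize-control.php.
SAMPLE = """\
<label class="screen-reader-text"><?php _e( 'New page title' ); ?></label>
<input type="text" placeholder="<?php _e( 'New page title' ); ?>">
<input type="text" placeholder="<?php esc_attr_e( 'New page title' ); ?>">
<select><option value="0"><?php _e( 'Select' ); ?></option></select>
"""

if __name__ == "__main__":
    for line, ctx, flagged in audit(SAMPLE):
        status = "FLAG" if flagged else "ok under the stated convention"
        print(f"line {line}: {ctx:9} {status}")
```

The check is line-and-regex based, so it is a triage aid for review rather than a parser; PHP that builds markup through `printf()` or string concatenation is outside what it sees.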
Applying proper escaping function to the output strings
Trac ticket: