Make WordPress Core

Opened 2 months ago

Closed 2 months ago

Last modified 2 months ago

#60990 closed defect (bug) (invalid)

Change esc_html to esc_url

Reported by: truptikanzariya's profile truptikanzariya Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Application Passwords Keywords: has-patch
Focuses: coding-standards Cc:


Change "esc_html" to "esc_url" in the wp-admin/authorize-application.php file.

Attachments (1)

60990.patch (680 bytes) - added by truptikanzariya 2 months ago.

Download all attachments as: .zip

Change History (4)

#1 @dd32
2 months ago

  • Component changed from General to Application Passwords

I believe this is intentionally using esc_html() and not esc_url(), as the link is output on the page, rather than as part of a <a href attribute. This is also not the only location on that page where the link is output using esc_html(). Anywhere that would use it as a link uses esc_url() though.

The code originated in - but I can't find the actual source of it there.

#2 @johnbillion
2 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Yeah esc_html() is appropriate here. Thanks for the contribution though @truptikanzariya !

#3 @sabernhardt
2 months ago

For what it's worth: that code has had several iterations, with the earliest version in the first commit of PR 39 in the plugin.

Note: See TracTickets for help on using tickets.