#60990 closed defect (bug) (invalid)
Change esc_html to esc_url
Reported by: | truptikanzariya | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Application Passwords | Keywords: | has-patch |
Focuses: | coding-standards | Cc: |
Description
Change "esc_html" to "esc_url" in the wp-admin/authorize-application.php
file.
Attachments (1)
Change History (4)
#2
@
8 months ago
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
Yeah esc_html()
is appropriate here. Thanks for the contribution though @truptikanzariya !
#3
@
8 months ago
For what it's worth: that code has had several iterations, with the earliest version in the first commit of PR 39 in the plugin.
Note: See
TracTickets for help on using
tickets.
I believe this is intentionally using
esc_html()
and notesc_url()
, as the link is output on the page, rather than as part of a<a href
attribute. This is also not the only location on that page where the link is output usingesc_html()
. Anywhere that would use it as a link usesesc_url()
though.The code originated in https://github.com/WordPress/application-passwords/ - but I can't find the actual source of it there.