Opened 6 weeks ago
Last modified 4 weeks ago
#62630 new defect (bug)
Site Health plugin information display html tags in plugin name
Reported by: | ignatiusjeroe | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | trivial | Version: | 6.7.1 |
Component: | Site Health | Keywords: | has-patch |
Focuses: | administration | Cc: |
Description
html tag usage is permissible in plugin metadata. For some reason the Site Health -> info tab doesnt remove html tags in plugin names. See attached image.
Attachments (1)
Change History (6)
#1
@
6 weeks ago
Hello @ignatiusjeroe,
This behavior seems to be expected, as the labels are appropriately escaped for security purposes. I'll wait to hear insights from other contributors on this matter.
site-health-info.php
esc_html( $field['label'] )
#2
@
6 weeks ago
Reproduction Report
Description
This report validates whether the issue can be reproduced.
Environment
- WordPress: 6.8-alpha-59274-src
- PHP: 8.2.26
- Server: nginx/1.27.3
- Database: mysqli (Server: 8.0.40 / Client: mysqlnd 8.2.26)
- Browser: Chrome 131.0.0.0
- OS: macOS
- Theme: Twenty Twenty-Five 1.0
- MU Plugins: None activated
- Plugins: None activated
Actual Results
✅ Error condition occurs.
Supplemental Artifacts
#3
@
6 weeks ago
I agree, @yogeshbhutkar, that this behavior seems expected, as labels are properly escaped for security purposes using esc_html
. Additionally, we can sanitize the text using wp_kses
, but this is not the recommended approach. More details on this can be found in https://core.trac.wordpress.org/ticket/62619
This ticket was mentioned in PR #7952 on WordPress/wordpress-develop by @akshat2802.
6 weeks ago
#4
- Keywords has-patch added
PR for https://core.trac.wordpress.org/ticket/62630
This PR fixes the problem of HTML tags appearing in the labels of plugin in site health.
#5
@
4 weeks ago
Test Report
Description
This report validates whether the indicated patch works as expected.
Patch tested: https://github.com/WordPress/wordpress-develop/pull/7952
Environment
- WordPress: 6.8-alpha-59506
- PHP: 8.1.29
- Server: nginx/1.16.0
- Database: mysqli (Server: 8.0.16 / Client: mysqlnd 8.1.29)
- Browser: Chrome 131.0.0.0
- OS: macOS
- Theme: Twenty Fifteen 3.9
Actual Results
- ✅ Issue resolved with patch.
Additional Notes
Thank you for providing the patch. I have tested it, and it resolves the issue successfully.
Site Health - plugin information