id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc	focuses
65090	Missing escaping for dynamic link text	maheshpatel		"**File:** [src/wp-login.php](src/wp-login.php#L234)
- **Line:** 234
- **Problem:** `$message` output without escaping (filterable content)
- **Current Code:**
{{{
if ( ! empty( $message ) ) {
   echo $message . ""\n"";
}
}}}
- **Context:** `$message` comes from `apply_filters( 'login_message', $message )` but could contain HTML or special chars
- **Fix:** Context-dependent, could be:
{{{
// If message is expected to have HTML:
if ( ! empty( $message ) ) {
   echo wp_kses_post( $message ) . ""\n"";
}
// Or if plain text:
if ( ! empty( $message ) ) {
   echo esc_html( $message ) . ""\n"";
}
}}}"	defect (bug)	new	normal	Awaiting Review	General		normal		has-patch 2nd-opinion		coding-standards