WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#6592 closed defect (bug) (invalid)

IDs must begin with a letter in HTML/XHTML, but _wp_unfiltered_html_comment does not.

Reported by: guillep2k Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.5
Component: General Keywords:
Focuses: Cc:

Description

The comments section uses a hidden field with name _wp_unfiltered_html_comment. Although the W3C validator doesn't mark it as an error, XHTML/HTML IDs must begin with a letter (we can say even the W3C validator is not perfect!).

The HTML specification, at section 6.2 (http://www.w3.org/TR/html401/types.html#type-id), clearly states that all IDs must start with a letter. For XHTML you have to dig a little deeper: at section 4.10 (http://www.w3.org/TR/xhtml1/#h-4.10) it says "in XHTML 1.0 the id attribute is defined to be of type ID"; then in XML specification you must follow the ID type (http://www.w3.org/TR/2000/REC-xml-20001006#id) to "Names and Tokens" (http://www.w3.org/TR/2000/REC-xml-20001006#NT-Name), where it says "[5] Name ::= (Letter | '_' | ':') (NameChar?)*", ruling out IDs starting with underscores. Therefore, I think that the _wp_unfiltered_html_comment id breaks XHTML validity. In any case, changing it "to be 100% sure" wouldn't hurt. ;) The affected files are only two: wp-comments-post.php:38 and comment-template.php:610 (as of version 2.5).

Change History (3)

comment:1 guillep2k6 years ago

  • Cc guillep2k added

There are other fields beginning with underscore (_) throught wordpress. I could find _wpnonce, _wp_http_referer and _wp_original_http_referer. They should all be renamed to something like x_wp_. I guess this change is not trivial, for it could potentially break compatibility with any plugins relying on those POST/query variables (is there any?).

comment:2 guillep2k6 years ago

  • Resolution set to invalid
  • Status changed from new to closed

My bad. I must have been asleep when I wrote that. I even pasted the code explicitly enabling underscore as a valid starting character. Sorry.

comment:3 Viper007Bond6 years ago

  • Milestone 2.7 deleted
Note: See TracTickets for help on using tickets.