Opened 17 years ago
Closed 16 years ago
#7084 closed defect (bug) (fixed)
Widget titles need to be auto-escaped.
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | 2.8 | Priority: | normal |
| Severity: | normal | Version: | 2.5.1 |
| Component: | Widgets | Keywords: | has-patch tested commit |
| Focuses: | Cc: |
Description
Reference: http://wordpress.org/support/topic/180280
Short version: An ampersand in the title of a widget causes an output of just the ampersand instead of the html amp; code. This results in validation failure.
Solution: Widget titles and possibly text widgets need to be html escaped before output onto the page.
Attachments (2)
Change History (10)
#1
@
16 years ago
The attached patch implements the widget_title filter. A quick scan of widgets.php shows that most widgets invoke this filter for the widget title, however it is not implemented by default. Figuring that titles for widgets would be similar to most other titles, this is generally used in a way similar to the blog's title, this small diff applies the same filter sets as are applied to wp_title.
Implementing widget_title filter