Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#9432 closed defect (bug) (fixed)

Output Broken: Ticket for collecting patches to properly encode script and other href attribute values

Reported by: hakre Owned by:
Milestone: 2.8 Priority: normal
Severity: normal Version: 2.7.1
Component: Validation Keywords: has-patch
Focuses: Cc:

Description

The output does not validate in certain points because ampersands (&) are not properly used within URLs (should be &amp; not a sole &).

This ticket contains patches to fix various such issues.

Attachments (6)

qcop-r00-ampersand-post.patch (566 bytes) - added by hakre 5 years ago.
amp; was missing on post edit page
qcop-r00-ampersand-andthelike-codepress.patch (1.5 KB) - added by hakre 5 years ago.
codepress validation patch
qcop-r00-ampersand-andthelike-plugin-editor.patch (2.4 KB) - added by hakre 5 years ago.
plugin editor multiple ampersands and a missing ID (accidentally taken over from the theme editor, had to be named plugin)
9432-comment-dashboard.patch (981 bytes) - added by hakre 5 years ago.
clean_url()
9432-post-script-cdata.patch (952 bytes) - added by hakre 5 years ago.
missing cdata added.
9432-package.patch (1.9 KB) - added by hakre 5 years ago.
Put both new patches into one.


Change History (20)

hakre 5 years ago

amp; was missing on post edit page

hakre 5 years ago

codepress validation patch

hakre 5 years ago

plugin editor multiple ampersands and a missing ID (accidentally taken over from the theme editor, had to be named plugin)

comment:1 hakre 5 years ago

Finished with checking the Admin. All pages done. This should fix all amp; issues in the Admin but not one with generating CSS for the default theme header image. But that is not solvable w/o changing the overall parameter design.

comment:2 ryan 5 years ago

  • Component changed from General to Validation
  • Owner anonymous deleted

comment:4 hakre 5 years ago

When #9402 is fixed with a changeset, these patches here need to be updated.

comment:5 Denis-de-Bernardy 5 years ago

  • Milestone changed from 2.8 to Future Release

patch is b0rke (or possibly it no longer applies)

comment:6 ryan 5 years ago

  • Milestone changed from Future Release to 2.8
  • Resolution set to fixed
  • Status changed from new to closed

I think everything went in on other tickets.

comment:7 hakre 5 years ago

_wp_dashboard_recent_comments_row() in dashboard.php is using get_comment_link() but does not escape it properly for XHTML usage. I created a helper function to do the job (so that a single point needs to be fixed in case of a bad implementation). Patch follows.

hakre 5 years ago

clean_url()

comment:8 hakre 5 years ago

Forget the note about the helper function, clean_url() does it.

comment:9 hakre 5 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

hakre 5 years ago

missing cdata added.

comment:10 hakre 5 years ago

clean_url() does not &ersand, esc_attr() should be used.

comment:11 Denis-de-Bernardy 5 years ago

Mmm, you may want to double check that. When the output is meant to be displayed (the default), it should convert un-converted & to &amp;. westi raised a separate bug the other day, however, related to double-escaping no longer occurring or something.

hakre 5 years ago

Put both new patches into one.

comment:12 hakre 5 years ago

Double checked it now, clean_url() does &038; (same as &amp;), so it is OK to use it. esc_attr() does &amp;, so it is OK for that to use it as well. clean_url() is my preference here.

I put both changes into one patchfile as well.
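
The encoding question discussed in comments 10 to 12, as an added example that is not WordPress code and not part of the ticket: a stand-alone PHP sketch that encodes bare ampersands in a URL for attribute output without double-encoding existing entities, and scans markup for href/src values that still contain a bare `&`. The helper names `encode_url_ampersands()` and `find_bare_ampersands()` and all sample strings are constructed for illustration; the code does not reproduce the behaviour of clean_url() or esc_attr().

```php
<?php
// Added illustration; hypothetical helpers, not WordPress functions.

// Matches an ampersand that does not already start a character reference
// (named like &amp;, decimal like &#038;, or hex like &#x26;).
const BARE_AMP = '/&(?!(?:[a-zA-Z][a-zA-Z0-9]*|#[0-9]+|#[xX][0-9a-fA-F]+);)/';

// Encode only bare ampersands, so an already-escaped URL is left unchanged.
function encode_url_ampersands(string $url): string
{
    return preg_replace(BARE_AMP, '&amp;', $url);
}

// Return the href/src attribute values in $html that still contain a bare "&".
function find_bare_ampersands(string $html): array
{
    $hits = [];
    preg_match_all('/\b(?:href|src)\s*=\s*(["\'])(.*?)\1/is', $html, $m);
    foreach ($m[2] as $value) {
        if (preg_match(BARE_AMP, $value)) {
            $hits[] = $value;
        }
    }
    return $hits;
}

// Constructed sample URLs: one raw, one already escaped in two styles.
$raw     = 'edit.php?post=12&action=edit&message=1';
$escaped = 'edit.php?post=12&amp;action=edit&#038;message=1';

// Raw URL: every "&" becomes "&amp;".
var_dump(encode_url_ampersands($raw));
// Escaped URL: nothing to do, so the result is identical to the input.
var_dump(encode_url_ampersands($escaped) === $escaped);

// htmlspecialchars() encodes every "&" by default, which double-encodes an
// already-escaped value; passing false for double_encode avoids that.
var_dump(htmlspecialchars($escaped, ENT_QUOTES, 'UTF-8'));
var_dump(htmlspecialchars($escaped, ENT_QUOTES, 'UTF-8', false) === $escaped);

// Constructed markup: the first link has a bare "&", the second is valid.
$html = '<a href="comment.php?c=5&action=edit">a</a>'
      . '<a href="comment.php?c=5&amp;action=edit">b</a>';
print_r(find_bare_ampersands($html));
```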

comment:13 azaozz 5 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

(In [11375]) HTML validity fixes, props hakre, fixes #9432

comment:14 hakre 5 years ago

missing fixes went into a new ticket, see #10257
