[wp-trac] [WordPress Trac] #11040: esc_attr() doesn't strip HTML tags
WordPress Trac
wp-trac at lists.automattic.com
Tue Oct 27 17:41:24 UTC 2009
#11040: esc_attr() doesn't strip HTML tags
------------------------------+---------------------------------------------
Reporter: kingjeffrey | Type: defect (bug)
Status: new | Priority: normal
Milestone: 2.9 | Component: Formatting
Version: | Severity: normal
Keywords: has-patch commit |
------------------------------+---------------------------------------------
Comment(by filosofo):
You can't make esc_attr() strip out tags, because it's used, for example,
to format the output of textarea fields.
It would be better in my opinion just to strip out the tags where they
should be stripped out, which is not necessarily for every attribute.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11040#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list