[wp-trac] [WordPress Trac] #15454: esc_textarea() for obvious textarea escaping function.

WordPress Trac wp-trac at lists.automattic.com
Thu Dec 16 13:57:48 UTC 2010


#15454: esc_textarea() for obvious textarea escaping function.
-------------------------------------+-----------------------
 Reporter:  markjaquith              |       Owner:
     Type:  defect (bug)             |      Status:  reopened
 Priority:  high                     |   Milestone:  3.1
Component:  General                  |     Version:  3.1
 Severity:  major                    |  Resolution:
 Keywords:  has-patch needs-testing  |
-------------------------------------+-----------------------

Comment (by garyc40):

 In current trunk, try entering this in Link Notes (Links -> Add Link), or
 Category Description (Post -> Categories -> Edit a category), or Biography
 Info (profile.php):

 {{{
 Test String < Hello
 }}}

 It will become this inside the textarea:

 {{{
 Test String &lt; Hello
 }}}

 In the source code:

 {{{
 Test String &amp;lt; Hello
 }}}

 This is probably the rationale behind esc_html() in sanitize_user_field()
 in the first place.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/15454#comment:12>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
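
The double escaping described in the comment above, as an added example that is not part of the original message and not WordPress core code. It uses plain PHP `htmlspecialchars()` as a stand-in for both escaping steps, and the helper names and the second input string are hypothetical. It goes slightly beyond the reported case by also checking a `double_encode = false` variant.

```php
<?php
// Added illustration in plain PHP; helper names are hypothetical, not WordPress core.

// Stand-in for an escape applied when the field is prepared for editing.
function sanitize_for_edit(string $raw): string {
    return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
}

// Stand-in for the escape applied when the value is printed into <textarea>.
function escape_for_textarea(string $value, bool $double_encode = true): string {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8', $double_encode);
}

// The browser decodes entities once when it parses textarea content.
function browser_decodes(string $markup): string {
    return html_entity_decode($markup, ENT_QUOTES, 'UTF-8');
}

// Returns [page source, text the user sees] for one rendering strategy.
function render(string $raw, string $strategy): array {
    switch ($strategy) {
        case 'escape-twice':      // sanitizer and template both escape
            $source = escape_for_textarea(sanitize_for_edit($raw));
            break;
        case 'no-double-encode':  // template leaves existing entities alone
            $source = escape_for_textarea($raw, false);
            break;
        default:                  // 'escape-once': raw value, one escape at output
            $source = escape_for_textarea($raw);
    }
    return [$source, browser_decodes($source)];
}

// Constructed inputs: the string from the comment, plus text that is itself an entity.
$inputs = ['Test String < Hello', 'Write &lt; for a less-than sign'];

foreach (['escape-twice', 'no-double-encode', 'escape-once'] as $strategy) {
    foreach ($inputs as $raw) {
        [$source, $shown] = render($raw, $strategy);
        printf("%-17s source: %-42s round-trip: %s\n",
            $strategy, $source, $shown === $raw ? 'ok' : "BROKEN ($shown)");
    }
}
```

A textarea value is escaped correctly when the text the browser shows equals the raw stored value. Of the three strategies here, only `escape-once` passes that check for both inputs.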

