[wp-trac] [WordPress Trac] #20009: Escape later when getting post and body classes
WordPress Trac
wp-trac at lists.automattic.com
Fri Feb 10 08:11:38 UTC 2012
#20009: Escape later when getting post and body classes
--------------------------+------------------------------------
Reporter: mfields | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Themes | Version:
Severity: normal | Keywords: has-patch dev-feedback
--------------------------+------------------------------------
Both get_body_class() and get_post_class() provide filters that allow
plugins and themes to add custom values to the list. These filters are
applied after the values in the $classes array have been filtered through
esc_attr(). I think that it would be best to move the escaping after the
filter has fired.
esc_attr() was first added to get_body_class() and get_post_class() in
[11838]
--
Ticket URL: <http://core.trac.wordpress.org/ticket/20009>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list