[wp-trac] [WordPress Trac] #20771: esc_url() instead of esc_html() in wp_nonce_url()
WordPress Trac
wp-trac at lists.automattic.com
Tue May 29 06:21:38 UTC 2012
#20771: esc_url() instead of esc_html() in wp_nonce_url()
-------------------------+-----------------------------
Reporter: jkudish | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Formatting | Version: 3.4
Severity: normal | Keywords: has-patch
-------------------------+-----------------------------
The `wp_nonce_url()` function currently uses `esc_html()` in its output,
which doesn't really seem to be the appropriate escaping function since
it's generating a URL.
Attached patch changes the output to use `esc_url()`
--
Ticket URL: <http://core.trac.wordpress.org/ticket/20771>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list