[wp-trac] [WordPress Trac] #20009: Escape later when getting post and body classes
WordPress Trac
noreply at wordpress.org
Thu Aug 15 05:31:17 UTC 2013
#20009: Escape later when getting post and body classes
------------------------------------+------------------
Reporter: mfields | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.7
Component: Themes | Version:
Severity: normal | Resolution:
Keywords: has-patch dev-feedback |
------------------------------------+------------------
Comment (by nacin):
Replying to [comment:7 dd32]:
> I can tell that there's going to be a plugin out there that's doing
> something funky here..
There is a "fun" workaround for this that MarkJaquith came up with a while
ago to actually ''echo'' an attribute from the body class filter. But I
also pretty much guarantee this will break someone's code and probably not
in a pretty way. I get the idea of escaping wherever possible, but we
can't safeguard against every possible misuse of a filter (in this case
the misuse I am referring to is returning an unsanitized class name), so
we should make sure we are absolutely ''sure'' we want to do this.
> and as long as `esc_attr( esc_attr() )` doesn't cause any major issues
Indeed it does not — it doesn't double-escape.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/20009#comment:9>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
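
The late escaping discussed in the comment above, as an added PHP example that is not part of the original message and not WordPress core code: every filter runs first, each class is escaped immediately before output, and the escape does not double-escape a value a filter had already escaped. `escape_attr_once()`, `render_body_class()` and the three filter callbacks are hypothetical names; `escape_attr_once()` is an assumed stand-in for `esc_attr()` built on PHP's `htmlspecialchars()`.

```php
<?php
// Added illustration; not WordPress core code. escape_attr_once() is a
// hypothetical stand-in for esc_attr(), built on PHP's htmlspecialchars().
function escape_attr_once(string $text): string
{
    // double_encode = false leaves existing entities such as &amp; untouched,
    // so applying the function twice gives the same result as applying it once.
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8', false);
}

// Hypothetical callbacks standing in for plugins hooked on the body class filter.
$filters = [
    // Well-behaved: adds a plain class name.
    fn(array $classes) => array_merge($classes, ['logged-in']),
    // Escaped its own value early: the late escape must not mangle it.
    fn(array $classes) => array_merge($classes, [escape_attr_once('q&a')]),
    // Misuse: returns an unsanitized value that tries to close the attribute.
    fn(array $classes) => array_merge($classes, ['home" data-x="1']),
];

function render_body_class(array $classes, array $filters): string
{
    foreach ($filters as $filter) {
        $classes = $filter($classes);
    }
    // Escape late: after every filter has run, immediately before output.
    $escaped = array_map('escape_attr_once', $classes);
    return 'class="' . implode(' ', $escaped) . '"';
}

// The early-escaped value keeps its single &amp;, and the quote characters in
// the third value are turned into entities, so it stays inside class="...".
echo render_body_class(['page'], $filters), PHP_EOL;
```

The third callback is the kind of code the comment expects to break: once output is escaped late, a filter can no longer smuggle a second attribute through the class list.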