[wp-trac] [WordPress Trac] #31631: Issue with "HTML escaping" in theme customizer

WordPress Trac noreply at wordpress.org
Sat Aug 8 19:18:48 UTC 2015


#31631: Issue with "HTML escaping" in theme customizer
--------------------------+-----------------------
 Reporter:  tititou36     |       Owner:  ocean90
     Type:  defect (bug)  |      Status:  reopened
 Priority:  normal        |   Milestone:  4.3
Component:  Customize     |     Version:  4.1
 Severity:  normal        |  Resolution:
 Keywords:                |     Focuses:
--------------------------+-----------------------
Changes (by Collizo4sky):

 * status:  closed => reopened
 * resolution:  fixed =>


Comment:

 Replying to [comment:6 ocean90]:
 > Replying to [comment:5 Collizo4sky]:
 >
 > Hello @Collizo4sky, can you please open a new ticket for that? Please
 > also include some code for testing and the steps to reproduce your issue.
 > Thanks!


 I would have done so, but I am not sure if this is the fault of the theme
 author or the customizer, because I don't know if the customizer API
 includes a callback function for sanitizing user input which the theme
 author might be using wrongly.

 Here is the code for the custom CSS in the customizer that the theme is
 using. See if you can spot any problem.




 {{{
 <?php
 // Register the Custom CSS section, setting and control with the Customizer.
 function customcss_customizer( $wp_customize ) {
     $wp_customize->add_section(
         'customcss_section',
         array(
             'title' => 'Custom CSS',
             'description' => 'Insert Custom CSS lines here',
             'priority' => 41,
         )
     );

     // textonly_sanitize and tb_textarea_Control are not shown in this snippet.
     $wp_customize->add_setting( 'tb_webpaint_customcss', array(
         'transport' => 'postMessage',
         'sanitize_callback' => 'textonly_sanitize',
     ) );
     $wp_customize->add_control(
         new tb_textarea_Control(
             $wp_customize,
             'tb_webpaint_customcss',
             array(
                 'label' => 'Custom CSS',
                 'section' => 'customcss_section',
                 'settings' => 'tb_webpaint_customcss'
             )
         )
     );

     if ( $wp_customize->is_preview() && ! is_admin() ) {
         add_action( 'wp_footer', 'customcss_customizer_preview', 21 );
     }
 }
 add_action( 'customize_register', 'customcss_customizer' );

 // Print the live-preview script that copies the setting into #customizercss.
 function customcss_customizer_preview() {
     ?>
     <script type="text/javascript">
         ( function() {
             wp.customize('tb_webpaint_customcss',function( value ) {
                 value.bind(function(to) {
                     jQuery("#customizercss").text(to);
                 });
             });
         } )( jQuery )
     </script>
     <?php
 } // End function customcss_customizer_preview()

 ?>
 }}}

--
Ticket URL: <https://core.trac.wordpress.org/ticket/31631#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
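
As an added illustration that is not part of the ticket or the theme's code: the Customizer runs a setting's `sanitize_callback` on submitted values, and a callback for a CSS-only setting could look like the sketch below. The `example_*` function names and the `<style id="customizercss">` output element (inferred from the selector in the preview script) are assumptions.

```php
<?php
// Added example, not the theme's code. The example_* names are hypothetical.

/**
 * Sanitize callback for the CSS setting. The Customizer passes the submitted
 * value and the WP_Customize_Setting instance.
 */
function example_sanitize_css( $css, $setting ) {
    if ( ! is_string( $css ) ) {
        return $setting->default;
    }
    // Strip markup, including a "</style>" that would end the style element
    // early. Do not HTML-encode here: the contents of <style> are raw text,
    // so "&gt;" would stay literal and break selectors such as "ul > li".
    return trim( wp_strip_all_tags( $css ) );
}

function example_customize_register( $wp_customize ) {
    $wp_customize->add_setting(
        'tb_webpaint_customcss',
        array(
            'default'           => '',
            'transport'         => 'postMessage',
            'sanitize_callback' => 'example_sanitize_css',
        )
    );
}
add_action( 'customize_register', 'example_customize_register' );

/**
 * Print the saved CSS. The element id is an assumption taken from the
 * "#customizercss" selector in the preview script.
 */
function example_print_css() {
    $css = get_theme_mod( 'tb_webpaint_customcss', '' );
    // Strip tags again on output in case the stored value predates the callback.
    echo '<style id="customizercss">' . wp_strip_all_tags( $css ) . "</style>\n";
}
add_action( 'wp_head', 'example_print_css' );
```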

