[wp-trac] [WordPress Trac] #32812: Customizer Menus: Escaping inconsistencies

WordPress Trac noreply at wordpress.org
Mon Jul 13 00:11:55 UTC 2015


#32812: Customizer Menus: Escaping inconsistencies
--------------------------+---------------------------
 Reporter:  swissspidy    |       Owner:  valendesigns
     Type:  defect (bug)  |      Status:  assigned
 Priority:  normal        |   Milestone:  4.3
Component:  Customize     |     Version:  trunk
 Severity:  normal        |  Resolution:
 Keywords:  needs-patch   |     Focuses:
--------------------------+---------------------------
Changes (by valendesigns):

 * owner:   => valendesigns
 * status:  new => assigned


Comment:

 Does anyone have preferences one way or the other? These are our options
 and they should be the same for both Admin & Customizer Menus.

 1) Admin Menus `trim( esc_html( $name ) )`
 2) Customizer Menus `sanitize_text_field( $name )`

 If we were talking about menu item titles and not menu titles I would go
 with the first option. But since we're talking about menu titles we should
 probably go with the second option. There's really no good reason to allow
 HTML here. I can't think of a context in which the title of a menu should
 be allowed to have HTML in it. Can anyone else?

 When we land on a decision I'll create a patch.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/32812#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

