[wp-trac] [WordPress Trac] #40216: Some parts of Twentyseventeen do not esc html attr
WordPress Trac
noreply at wordpress.org
Tue Mar 21 10:37:53 UTC 2017
#40216: Some parts of Twentyseventeen do not esc html attr
--------------------------+-----------------------------
Reporter: bor0 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 4.7
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
There are appearances like:
https://core.trac.wordpress.org/browser/trunk/src/wp-content/themes/twentyseventeen/footer.php#L25
https://core.trac.wordpress.org/browser/trunk/src/wp-content/themes/twentyseventeen/template-parts/navigation/navigation-top.php#L12
_e() in these cases should actually be esc_attr_e() to ensure the
translated string gets escaped for an HTML attribute context, because the
translated string from another language could potentially have a character
that would need to be escaped.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40216>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
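
Added example, not part of the original ticket and not WordPress or theme code: it shows why a translated string echoed into an attribute needs attribute escaping. The demo_* functions, the aria-label markup and the catalogue entry are constructed stand-ins so the snippet runs without WordPress.

```php
<?php
// Constructed example. The demo_* functions are simplified stand-ins so the
// snippet runs without WordPress; the catalogue entry below is hypothetical.
$catalogue = array(
    // A translator legitimately used double quotes inside the label.
    'Top Menu' => 'Menu "principal"',
);

// Stand-in for __(): return the translation, or the source string if none.
function demo_translate( $text ) {
    global $catalogue;
    return isset( $catalogue[ $text ] ) ? $catalogue[ $text ] : $text;
}

// Stand-in for _e(): echoes the translation with no escaping.
function demo_e( $text ) {
    echo demo_translate( $text );
}

// Stand-in for esc_attr_e(): echoes the translation escaped for an attribute
// value. WordPress's esc_attr() does more; htmlspecialchars() with ENT_QUOTES
// covers the quote and angle-bracket characters that matter here.
function demo_esc_attr_e( $text ) {
    echo htmlspecialchars( demo_translate( $text ), ENT_QUOTES, 'UTF-8' );
}

// Render the same template fragment with either echo helper.
function render_nav( $echo_fn ) {
    ob_start();
    echo '<nav aria-label="';
    $echo_fn( 'Top Menu' );
    echo '">';
    return ob_get_clean();
}

// Read the attribute the way an HTML parser does: up to the first closing
// quote, then decode character references.
function parsed_label( $html ) {
    preg_match( '/aria-label="([^"]*)"/', $html, $m );
    return html_entity_decode( $m[1], ENT_QUOTES, 'UTF-8' );
}

foreach ( array( 'demo_e', 'demo_esc_attr_e' ) as $fn ) {
    $html  = render_nav( $fn );
    $label = parsed_label( $html );
    $ok    = ( $label === demo_translate( 'Top Menu' ) ) ? 'intact' : 'truncated';
    printf( "%-16s %s\n  parsed aria-label: [%s] (%s)\n", $fn, $html, $label, $ok );
}
```

With the unescaped helper the attribute ends at the translator's first quote and the rest of the string spills into the tag; with the escaped helper the parsed label matches the translation.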