[wp-trac] [WordPress Trac] #57110: Correctly some attributes escape is missing in this ( wp-admin/includes/nav-menu.php ) file.
WordPress Trac
noreply at wordpress.org
Fri Mar 31 16:11:00 UTC 2023
#57110: Correctly some attributes escape is missing in this ( wp-admin/includes/nav-menu.php ) file.
--------------------------+-----------------------------------------------
 Reporter:  zenaulislam   |       Owner:  SergeyBiryukov
     Type:  defect (bug)  |      Status:  reopened
 Priority:  normal        |   Milestone:  6.3
Component:  Menus         |     Version:
 Severity:  normal        |  Resolution:
 Keywords:  has-patch     |     Focuses:  administration, coding-standards
--------------------------+-----------------------------------------------

Comment (by jrf):

@SergeyBiryukov Happens to the best of us ;-)

Escaping - especially for attributes and URLs and such - should always try
to escape the complete value in one go as otherwise there is still a
security risk.

Not a big risk in this particular case, but better to make it a habit
anyway.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/57110#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
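
An added example, not part of the ticket, its patch or WordPress core, illustrating the point made in the comment above: escaping only one piece of an attribute value leaves the rest raw, while escaping the assembled value in one go does not. `demo_esc_attr()` is a stand-in for `esc_attr()` so the snippet runs outside WordPress; `$prefix`, `$item_id` and `count_attributes()` are hypothetical names, and the sample values are constructed.

```php
<?php
// Stand-in for WordPress's esc_attr() so this runs without WordPress loaded.
// Assumption: htmlspecialchars() with ENT_QUOTES is close enough for the demo.
function demo_esc_attr( string $text ): string {
    return htmlspecialchars( $text, ENT_QUOTES, 'UTF-8' );
}

// Parse the tag the way an HTML parser would and count the attributes on <li>.
function count_attributes( string $open_tag ): int {
    $doc = new DOMDocument();
    $doc->loadHTML( $open_tag . '</li>', LIBXML_NOERROR );
    return $doc->getElementsByTagName( 'li' )->item( 0 )->attributes->length;
}

// Constructed sample values. $prefix is the part a developer assumed was
// "static enough" and therefore left unescaped.
$prefix  = 'menu-item" data-injected="1';
$item_id = '42';

// Piecemeal: only the ID is escaped, the prefix is concatenated raw.
$partial = '<li id="' . $prefix . '-' . demo_esc_attr( $item_id ) . '">';

// Whole value: assemble the attribute value first, then escape it once.
$whole = '<li id="' . demo_esc_attr( $prefix . '-' . $item_id ) . '">';

foreach ( array( 'partial' => $partial, 'whole' => $whole ) as $label => $tag ) {
    printf( "%-8s %s  (attributes parsed: %d)\n", $label, $tag, count_attributes( $tag ) );
}
```

In the piecemeal version the quote inside `$prefix` closes the `id` attribute early, so the parser sees a second attribute; in the whole-value version the quote is encoded and the tag keeps a single `id` attribute.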