[wp-trac] [WordPress Trac] #60324: Add missing esc_html()
WordPress Trac
noreply at wordpress.org
Fri Jan 26 18:05:46 UTC 2024
#60324: Add missing esc_html()
--------------------------+-------------------------------
Reporter: nareshbheda | Owner: audrasjb
Type: defect (bug) | Status: reviewing
Priority: normal | Milestone: 6.5
Component: Customize | Version:
Severity: normal | Resolution:
Keywords: has-patch | Focuses: coding-standards
--------------------------+-------------------------------
Comment (by sabernhardt):
Good catches!
- [20295] added `WP_Customize_Control` without escaping `$label` for the
`option` element, though the changeset escaped the text used for the input
labels.
- [32806] added `WP_Customize_Nav_Menu_Location_Control`.
I also found similar `<option` elements for
[https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/class-wp-list-table.php?rev=57285&marks=610,616#L603 bulk actions] in
`WP_List_Table`, but should this ticket remain focused on the Customizer
classes instead of searching `wp-admin` too?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60324#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
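
The pattern discussed in the comment above, as an added example that is not part of the original message and is not WordPress core code: an `option` element whose label is printed as-is, beside the same markup with the label passed through `esc_html()`. The helper `demo_render_options()` is hypothetical, the sample choices are constructed, and the two shims only stand in for WordPress's `esc_html()` and `esc_attr()` so the file runs outside WordPress.

```php
<?php
// Stand-ins (assumption) used only when WordPress is not loaded; the real
// esc_html()/esc_attr() do more than htmlspecialchars().
if ( ! function_exists( 'esc_html' ) ) {
	function esc_html( $text ) {
		return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
	}
}
if ( ! function_exists( 'esc_attr' ) ) {
	function esc_attr( $text ) {
		return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
	}
}

/**
 * Hypothetical helper: build <option> elements from a value => label map.
 * With $escape_label false, the label reaches the page unescaped.
 */
function demo_render_options( array $choices, $current, $escape_label ) {
	$html = '';
	foreach ( $choices as $value => $label ) {
		$selected = ( (string) $value === (string) $current ) ? ' selected="selected"' : '';
		$text     = $escape_label ? esc_html( $label ) : $label;
		$html    .= '<option value="' . esc_attr( $value ) . '"' . $selected . '>' . $text . "</option>\n";
	}
	return $html;
}

// Constructed sample data: the second label contains markup characters.
$choices = array(
	'left'  => 'Left & Center',
	'right' => 'Right</option></select><b>stray markup</b>',
);

$before = demo_render_options( $choices, 'left', false );
$after  = demo_render_options( $choices, 'left', true );

echo "Label printed as-is:\n", $before, "\n";
echo "Label passed through esc_html():\n", $after, "\n";

// Each choice should contribute exactly one opening and one closing option
// tag; any additional "<" in the output came from a label.
$expected_tags = 2 * count( $choices );
echo 'Unescaped output has only option tags: ';
var_dump( substr_count( $before, '<' ) === $expected_tags );
echo 'Escaped output has only option tags: ';
var_dump( substr_count( $after, '<' ) === $expected_tags );
```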