[buddypress-trac] [BuddyPress Trac] #7656: Update `bp_new_group_invite_friend_list` for new $args to support full list markup

buddypress-trac noreply at wordpress.org
Wed Jan 17 12:18:54 UTC 2018

#7656: Update `bp_new_group_invite_friend_list` for new $args to support full list
 Reporter:  hnla         |       Owner:
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  3.0
Component:  Groups       |     Version:
 Severity:  normal       |  Resolution:
 Keywords:  has-patch    |

Comment (by DJPaul):

 Any developer can pass any value to any function. We all know that. That's
 why we're so careful with sanitising user-supplied data, because it could
 be anything.

 If there's no way to inject a value into a unit of code at runtime (be
 that a search form value, or the result of an API request, or data from an
 RSS feed, etc), then it's safe -- at least from this very specific

 We don't need to harden BuddyPress against developers making poor choices
 with how they write their code (i.e. making up their own HTML elements).

Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7656#comment:5>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac

More information about the buddypress-trac mailing list