[wp-trac] [WordPress Trac] #11040: esc_attr() doesn't strip HTML tags
WordPress Trac
wp-trac at lists.automattic.com
Tue Oct 27 17:51:02 UTC 2009
#11040: esc_attr() doesn't strip HTML tags
------------------------------+---------------------------------------------
Reporter: kingjeffrey | Type: defect (bug)
Status: new | Priority: normal
Milestone: 2.9 | Component: Formatting
Version: | Severity: normal
Keywords: has-patch commit |
------------------------------+---------------------------------------------
Comment(by scribu):
Textareas and inputs should use esc_html() instead. Besides that, when is
it useful to have escaped HTML in an attribute?
Besides, esc_attr() and esc_html() are currently ''identical''. So what's
the point of having two functions that do the same thing?
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11040#comment:6>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software