[wp-trac] [WordPress Trac] #16463: the_title_attribute() bug
WordPress Trac
wp-trac at lists.automattic.com
Sat Feb 5 22:23:27 UTC 2011
#16463: the_title_attribute() bug
--------------------------+------------------------------
Reporter: facemann_ru | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Template | Version: 3.0.4
Severity: normal | Resolution:
Keywords: needs-docs |
--------------------------+------------------------------
Changes (by dd32):
* keywords: reporter-feedback => needs-docs
Comment:
> On my site users can add posts themselves. There are many moderators.
> I wanted to use this function to strip any HTML from the title, because
it can be added from the admin panel. Unwanted HTML can break design.
To me, This sounds like you should be filtering the posts on save to
remove anything which you do not want the user to add. In addition to
that, Users with an Author or Contributor role lack the 'unfiltered_html'
capability, that capability is what allows for HTML in titles (IIRC).
You might want to use a role manager Plugin to apply some finer-grained
control over what your users can, and can't do.
In this case, The function is supposed to be used ''within attributes''
(thus, the attribute in the name, the esc_attr() and the strip_tags(), so
the documentation needs to be updated to mention this.
I'm not too sure if the docblock needs updating, but the codex certainly
does.
Note, If you want to strip html from all titles, this will work:
{{{
add_filter('the_title', 'strip_html');
}}}
}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/16463#comment:8>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list