[wp-trac] [WordPress Trac] #16463: the_title_attribute() bug

WordPress Trac wp-trac at lists.automattic.com
Sat Feb 5 22:23:27 UTC 2011


#16463: the_title_attribute() bug
--------------------------+------------------------------
 Reporter:  facemann_ru   |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Template      |     Version:  3.0.4
 Severity:  normal        |  Resolution:
 Keywords:  needs-docs    |
--------------------------+------------------------------
Changes (by dd32):

 * keywords:  reporter-feedback => needs-docs


Comment:

 > On my site users can add posts themselves. There are many moderators.

 > I wanted to use this function to strip any HTML from the title, because
 it can be added from the admin panel. Unwanted HTML can break design.

 To me, this sounds like you should be filtering the posts on save to
 remove anything which you do not want the user to add. In addition to
 that, users with an Author or Contributor role lack the 'unfiltered_html'
 capability; that capability is what allows for HTML in titles (IIRC).

 You might want to use a role manager plugin to apply some finer-grained
 control over what your users can and can't do.

 In this case, the function is supposed to be used ''within attributes''
 (thus the attribute in the name, the esc_attr() and the strip_tags()), so
 the documentation needs to be updated to mention this.

 I'm not too sure if the docblock needs updating, but the codex certainly
 does.

 Note, if you want to strip HTML from all titles, this will work:
 {{{
 // Run every title through PHP's strip_tags() before it is displayed.
 add_filter('the_title', 'strip_tags');
 }}}

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/16463#comment:8>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
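
Added example (not part of the ticket and not WordPress core code): one way to apply the two points made in the comment above, stripping markup from titles when a post is saved and choosing the escaping function by output context. The `example_`-prefixed function names are hypothetical, and stripping tags for every user regardless of role is an assumed site policy.

```php
<?php
// Added example for a theme's functions.php. Function names are hypothetical.

// 1. Filter on save: remove markup from the title before it is stored, so no
//    template has to trust it later. 'wp_insert_post_data' runs inside
//    wp_insert_post() just before the row is written; the data is slashed at
//    this point, which does not affect tag stripping.
function example_strip_title_html_on_save( $data, $postarr ) {
    if ( isset( $data['post_title'] ) ) {
        // wp_strip_all_tags() also drops the contents of <script> and <style>,
        // which plain strip_tags() would leave behind as text.
        $data['post_title'] = wp_strip_all_tags( $data['post_title'] );
    }
    return $data;
}
add_filter( 'wp_insert_post_data', 'example_strip_title_html_on_save', 10, 2 );

// 2. Escape on output, per context (call inside the Loop):
//    - attribute value: the_title_attribute() (strip_tags() + esc_attr())
//    - element body:    esc_html(), so leftover markup in titles saved before
//                       the filter was installed shows as text instead of
//                       being rendered
function example_title_link() {
    printf(
        '<a href="%s" title="%s">%s</a>',
        esc_url( get_permalink() ),
        the_title_attribute( array( 'echo' => false ) ),
        esc_html( get_the_title() )
    );
}
```

The save-time filter only affects posts written after it is installed; the output escaping covers titles already in the database.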

