[wp-trac] [WordPress Trac] #18056: dc:creator needs to be escaped in RSS feed

WordPress Trac wp-trac at lists.automattic.com
Sun Jul 10 03:46:15 UTC 2011

#18056: dc:creator needs to be escaped in RSS feed
 Reporter:  Nettsentrisk  |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Feeds         |    Version:  3.2
 Severity:  major         |   Keywords:  has-patch
 If the author name contains any special characters, they might end up in
 the RSS feed unescaped, causing failed feed validation and thus causing
 problems for many readers.

 The code now is:

 <dc:creator><?php the_author() ?></dc:creator>

 Shouldn't this be:

 <dc:creator><![CDATA[<?php the_author() ?>]]></dc:creator>


 <dc:creator><?php htmlspecialchars(the_author()) ?></dc:creator>

 This might be a result of a custom author plugin not escaping these
 characters on the way into the database, but Wordpress should handle this
 more robustly to prevent plugin authors from messing things up like this.

Ticket URL: <http://core.trac.wordpress.org/ticket/18056>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list