[wp-trac] [WordPress Trac] #19282: wp_get_attachment_link() does not allow HTML in link text
WordPress Trac
wp-trac at lists.automattic.com
Mon Apr 30 03:40:59 UTC 2012
#19282: wp_get_attachment_link() does not allow HTML in link text
----------------------------+------------------
Reporter: SergeyBiryukov | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.4
Component: General | Version: 2.8
Severity: normal | Resolution:
Keywords: has-patch |
----------------------------+------------------
Comment (by griffinjt):
Letting straight HTML come through doesn't seem like the safest way to go.
Why not just filter using `wp_kses_post()`? Not escaping allows for
<script> tags to pass through, so if we want to add HTML, let's at least
filter what type of HTML tags can come through. I've attached an updated
diff for it.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/19282#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
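
The three options weighed in the comment above (raw output, full escaping, allow-list filtering), side by side as an added example; it is not the diff attached to the ticket and not WordPress core code. The helper name `demo_link_text_variants()` and the sample strings are constructed for illustration, and the snippet assumes WordPress is already loaded (for instance when run through `wp eval-file`).

```php
<?php
// Added illustration; assumes WordPress is already loaded so that
// esc_html() and wp_kses_post() are defined.

/**
 * Hypothetical helper: render one link text three ways.
 *
 * @param string $link_text Link text as supplied by the caller.
 * @return array Map of mode name to the resulting string.
 */
function demo_link_text_variants( $link_text ) {
	return array(
		// No filtering: any markup, including <script>, reaches the page.
		'raw'       => $link_text,
		// Full escaping: safe, but markup is shown as literal text.
		'esc_html'  => esc_html( $link_text ),
		// Allow-list: tags and attributes permitted in post content
		// survive, everything else is stripped.
		'kses_post' => wp_kses_post( $link_text ),
	);
}

// Constructed sample inputs.
$samples = array(
	'<strong>Photo</strong> of the day',
	'<em>Photo</em><script>document.title = "x";</script>',
	'<span onclick="void(0)">Photo</span>',
);

foreach ( $samples as $sample ) {
	foreach ( demo_link_text_variants( $sample ) as $mode => $out ) {
		printf( "%-10s %s\n", $mode, $out );
	}
	echo "\n";
}
```

`wp_kses_post()` removes the `<script>` tags themselves but keeps the text between them, so the script source ends up as plain text inside the link.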