[wp-trac] [WordPress Trac] #20009: Escape later when getting post and body classes
WordPress Trac
wp-trac at lists.automattic.com
Wed Feb 15 21:24:18 UTC 2012
#20009: Escape later when getting post and body classes
------------------------------------+------------------------------
Reporter: mfields | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Themes | Version:
Severity: normal | Resolution:
Keywords: has-patch dev-feedback |
------------------------------------+------------------------------
Comment (by azaozz):
What exactly are we escaping here? Values added by plugins? Don't think
escaping is really needed on class names added from trusted source, keep
in mind that the HTML class attribute allows the whole UTF-8 charset to be
used with very little restrictions.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/20009#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list