[wp-trac] [WordPress Trac] #20009: Escape later when getting post and body classes

WordPress Trac wp-trac at lists.automattic.com
Wed Feb 15 21:24:18 UTC 2012


#20009: Escape later when getting post and body classes
------------------------------------+------------------------------
 Reporter:  mfields                 |       Owner:
     Type:  defect (bug)            |      Status:  new
 Priority:  normal                  |   Milestone:  Awaiting Review
Component:  Themes                  |     Version:
 Severity:  normal                  |  Resolution:
 Keywords:  has-patch dev-feedback  |
------------------------------------+------------------------------

Comment (by azaozz):

 What exactly are we escaping here? Values added by plugins? Don't think
 escaping is really needed on class names added from trusted source, keep
 in mind that the HTML class attribute allows the whole UTF-8 charset to be
 used with very little restrictions.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/20009#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list