[wp-trac] [WordPress Trac] #22436: escape recent posts widget post titles
WordPress Trac
noreply at wordpress.org
Wed Nov 14 03:25:11 UTC 2012
#22436: escape recent posts widget post titles
--------------------------+------------------------------
Reporter: niallkennedy | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Widgets | Version:
Severity: normal | Resolution:
Keywords: has-patch |
--------------------------+------------------------------
Changes (by nacin):
* type: defect (bug) => enhancement
Comment:
We certainly don't need to escape the ID. I'm wondering about the title,
though. Non-HTML content like a loose ampersand or angle bracket should
indeed be encoded, but that doesn't mean we should be encoding other HTML
found in titles. I'd much rather see italics if that's what the user
added, than raw "<em>" and "</em>". Strip tags could work but that doesn't
really respect what the user was aiming for.

What we really need is a sane conversion of reserved characters (<>&"')
used in post_title to their encoded equivalents, as long as they are not
actually HTML. This should actually probably happen on save (it already
does in part for ampersands, IIRC), outputted as-is for display, then be
reversed for edit so the user is editing "<em>" and "5 < 6" just the same.
Complicated, but no way around this.

In the end, this isn't really a bug.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/22436#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
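
The conversion discussed in the comment above (encode loose reserved characters in a title, leave real inline HTML alone), shown as an added example; it is not WordPress core code and not part of the ticket's patch. The function name `encode_loose_reserved` and the tag allowlist are assumptions made for illustration.

```php
<?php
// Added example: not WordPress core code. The function name and the tag
// allowlist are hypothetical; tag balancing is deliberately out of scope.

function encode_loose_reserved(string $title, array $allowed = ['em', 'strong', 'i', 'b', 'code']): string
{
    // Match only bare allowlisted tags (<em>, </em>); a tag carrying
    // attributes does not match and is therefore encoded as text.
    $names   = implode('|', array_map(fn($t) => preg_quote($t, '~'), $allowed));
    $pattern = '~(</?(?:' . $names . ')>)~i';

    $pieces = preg_split($pattern, $title, -1, PREG_SPLIT_DELIM_CAPTURE);
    if ($pieces === false) {
        // Regex failure: fall back to encoding the whole title.
        return htmlspecialchars($title, ENT_QUOTES, 'UTF-8', false);
    }

    $out = '';
    foreach ($pieces as $i => $piece) {
        if ($i % 2 === 1) {
            $out .= strtolower($piece); // captured allowlisted tag, kept as markup
        } else {
            // Text run: encode < > & " '. double_encode=false leaves
            // already-encoded entities such as &amp; untouched.
            $out .= htmlspecialchars($piece, ENT_QUOTES, 'UTF-8', false);
        }
    }
    return $out;
}

// Constructed sample titles.
$titles = [
    'Why 5 < 6 & 7 > 2',
    'An <em>italic</em> title',
    'Tom & Jerry &amp; friends',
    '<blink>old</blink> "quoted" title',
];
foreach ($titles as $t) {
    echo encode_loose_reserved($t), PHP_EOL;
}
```

Because already-encoded entities are left alone, a title saved as `5 &lt; 6` and one typed as `5 < 6` store identically, which is the ambiguity the edit-time reversal in the comment has to deal with.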