[wp-trac] [WordPress Trac] #22327: Settings API output is not escaped
WordPress Trac
noreply at wordpress.org
Tue Oct 30 23:14:28 UTC 2012
#22327: Settings API output is not escaped
------------------------------+------------------
Reporter: johnjamesjacoby | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.5
Component: Administration | Version:
Severity: normal | Resolution:
Keywords: has-patch commit |
------------------------------+------------------
Changes (by nacin):
* keywords: has-patch => has-patch commit
* milestone: Awaiting Review => 3.5
Comment:
So, for things like programmatic values, we don't escape for security.
Inner HTML should not be escaped. But, attributes should always be escaped
to avoid breakage. So most of this looks great.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/22327#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software