[wp-trac] [WordPress Trac] #20009: Escape later when getting post and body classes
WordPress Trac
noreply at wordpress.org
Thu Aug 15 05:18:18 UTC 2013
#20009: Escape later when getting post and body classes
------------------------------------+------------------
Reporter: mfields | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.7
Component: Themes | Version:
Severity: normal | Resolution:
Keywords: has-patch dev-feedback |
------------------------------------+------------------
Comment (by dd32):
I can tell that there's going to be a plugin out there that's doing
something funky here.. For example:
{{{
add_filter( 'body_class', function( $classes ) {
$classes[] = '" anotherattribute="123"';
return $classes;
} );
}}}
I agree that we should be escaping it though, and as long as `esc_attr(
esc_attr() )` doesn't cause any major issues, I think both patches should
be applied.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/20009#comment:7>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list