[wp-trac] [WordPress Trac] #20771: esc_url() instead of esc_html() in wp_nonce_url()
WordPress Trac
noreply at wordpress.org
Thu Mar 7 06:56:35 UTC 2013
#20771: esc_url() instead of esc_html() in wp_nonce_url()
-------------------------------------------------+-------------------------
 Reporter:  jkudish                              |      Owner:  SergeyBiryukov
     Type:  enhancement                          |     Status:  reopened
 Priority:  normal                               |  Milestone:  3.6
Component:  Formatting                           |    Version:  3.4
 Severity:  normal                               | Resolution:
 Keywords:  has-patch dev-feedback 3.6-early     |
            commit                               |
-------------------------------------------------+-------------------------
Comment (by nacin):
We should ideally fix add_query_arg() to work for both & and &.
At a glance, though, I'm not sure I see where add_query_arg() handles the
former even right now.
We should also consider just using &amp; in esc_url(). I can't think of a
particular context where esc_url() may be used (and esc_html() isn't)
where &amp; is not a recognized entity.
For now, I agree with revert. I have considered this change more than
once, and each time, avoided it as something would break.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/20771#comment:9>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software