[wp-trac] [WordPress Trac] #26330: Plugin descriptions aren't HTML-escaped on /wp-admin/plugins.php
WordPress Trac
noreply at wordpress.org
Fri Nov 29 21:52:48 UTC 2013
#26330: Plugin descriptions aren't HTML-escaped on /wp-admin/plugins.php
--------------------------+-----------------------------
Reporter: _doherty | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 3.7.1
Severity: normal | Keywords:
--------------------------+-----------------------------
The text from the header comment is just dumped into the HTML of the
plugins listing. It should be escaped. Consider the following description:
This plugin embeds using the <object> tag
--
Ticket URL: <http://core.trac.wordpress.org/ticket/26330>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list