[wp-trac] [WordPress Trac] #26330: Plugin descriptions aren't HTML-escaped on /wp-admin/plugins.php

WordPress Trac noreply at wordpress.org
Fri Nov 29 21:52:48 UTC 2013


#26330: Plugin descriptions aren't HTML-escaped on /wp-admin/plugins.php
--------------------------+-----------------------------
 Reporter:  _doherty      |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  General       |    Version:  3.7.1
 Severity:  normal        |   Keywords:
--------------------------+-----------------------------
 The text from the header comment is just dumped into the HTML of the
 plugins listing. It should be escaped. Consider the following description:

 This plugin embeds using the <object> tag

--
Ticket URL: <http://core.trac.wordpress.org/ticket/26330>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list