[wp-trac] [WordPress Trac] #25485: Why does esc_attr not double encode entities by default?
WordPress Trac
noreply at wordpress.org
Fri Oct 4 10:23:31 UTC 2013
#25485: Why does esc_attr not double encode entities by default?
--------------------------+------------------------------
Reporter: smerriman | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Formatting | Version: 3.6.1
Severity: normal | Resolution:
Keywords: |
--------------------------+------------------------------
Comment (by mark-k):
Can confirm that this is not only limited to options but also happens with
tag names.
Not sure that the proposed solution is the right one, as esc_attr can be
used with hard coded copyright symbol as a meta value (or other read only
type of values) for which you don't want to escape the html. Maybe there
should be a new function that does both escaping 'esc_value_attr' ?
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25485#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list