[wp-trac] [WordPress Trac] #30409: Twenty Fifteen: HTML characters in the color scheme CSS are escaped.
WordPress Trac
noreply at wordpress.org
Thu Dec 11 12:26:59 UTC 2014
#30409: Twenty Fifteen: HTML characters in the color scheme CSS are escaped.
---------------------------+--------------------------
Reporter: iamtakashi | Owner: iandstewart
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 4.1
Component: Bundled Theme | Version: trunk
Severity: blocker | Resolution: fixed
Keywords: has-patch | Focuses:
---------------------------+--------------------------
Comment (by iamtakashi):
Replying to [comment:5 nacin]:
> esc_html() is not a sanitization function. Please never do what [30398]
un-did. :-)
Do we need to use something else? CSS shouldn't need escaping though is
this good idea to use `wp_filter_nohtml_kses`? I'm asking this because a
theme check reports the setting missing a sanitisation.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/30409#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list