[wp-trac] [WordPress Trac] #27942: Site Title not escaped when using HTML entities
WordPress Trac
noreply at wordpress.org
Sun Jun 29 21:28:02 UTC 2014
#27942: Site Title not escaped when using HTML entities
--------------------------------+-----------------------------
Reporter: BandonRandon | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future Release
Component: Options, Meta APIs | Version: trunk
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
--------------------------------+-----------------------------
Changes (by BandonRandon):
* keywords: needs-patch => has-patch
Comment:
I dung into this some more and learned that you are able to use valid HTML
in the site title. For example if you decided to use `<em>Site</em>
<strong> Title</strong>` the title will save and output correctly.
It looks like this problem is only occurring when using invalid HTML.
[[Image(https://i.cloudup.com/q6Gqt8Je-n-2000x2000.png,100%)]]
I have submitted a patch that switches from using `wp_kses_post` to
`htmlentities2` in formatting.php resolving this issue.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/27942#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list