[wp-trac] [WordPress Trac] #28251: Twenty Fourteen: Full size image link attribute escaping missing in image template
WordPress Trac
noreply at wordpress.org
Thu May 15 15:58:05 UTC 2014
#28251: Twenty Fourteen: Full size image link attribute escaping missing in image
template
-----------------------------------------+--------------------
Reporter: philiparthurmoore | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.0
Component: Bundled Theme | Version: trunk
Severity: normal | Resolution:
Keywords: has-patch reporter-feedback | Focuses:
-----------------------------------------+--------------------
Comment (by philiparthurmoore):
Replying to [comment:1 lancewillett]:
> Thanks Philip. (Fanks!)
>
> Two quick thoughts:
>
> 1. Can you take a look at all the default themes? My guess is it's not
escaped everywhere.
> 2. Should we submit "upstream" to the core function to be escaped by
default? I think it's a better experience for theme developers '''not'''
to need to escape core functions.
Fanks, Lance!
1. Sure thing, I can take a look first thing tomorrow.
2. This is a really good point, and it's something that I had to make sure
of before I submitted this patch (searching to see if
`wp_get_attachment_url` was already escaped by core). In general I think
that if the escaping happens within the core functions then all the
better.
Would it still make sense to proceed with escaping all-the-things until
core has taken care of them (plus 2 versions for back compat)?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/28251#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list