[wp-trac] [WordPress Trac] #30036: Add some escaping to $handle when printing styles.
WordPress Trac
noreply at wordpress.org
Sat Oct 18 22:58:05 UTC 2014
#30036: Add some escaping to $handle when printing styles.
-----------------------------+-----------------------------
 Reporter:  georgestephanis  |      Owner:
     Type:  defect (bug)     |     Status:  new
 Priority:  normal           |  Milestone:  Awaiting Review
Component:  Script Loader    |    Version:
 Severity:  normal           |   Keywords:
  Focuses:                   |
-----------------------------+-----------------------------
There are a number of instances where we're currently printing out the
dependency handle without any sort of escaping. We should probably do
something about that.
https://core.trac.wordpress.org/browser/trunk/src/wp-includes/class.wp-styles.php#L87
`WP_Styles::do_item()`
Things can currently get somewhat mucked up if someone enqueues a script
or style with a single quote in it, that breaks out of the id attribute.
I'm not sure what the best fix for this is; attached are some starting-point
unit tests to demonstrate the varied types of handles that work currently,
that we'll want to at least take into consideration.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/30036>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
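
Added example, not part of the ticket or of WordPress core: a standalone PHP sketch of the id-attribute problem the ticket describes, with the tag rendered unescaped and escaped and then parsed back to see which id survives. The function names and sample handles are hypothetical, the tag shape is an assumed simplification of what `WP_Styles::do_item()` prints, and `htmlspecialchars()` with `ENT_QUOTES` stands in for WordPress's `esc_attr()` so the script runs without WordPress.

```php
<?php
// Added illustration; not WordPress core code. All function names are hypothetical.

// Assumed simplification of the <link> tag printed for a style:
// the handle is interpolated into a single-quoted id attribute as-is.
function render_link_unescaped( string $handle, string $href ): string {
	return "<link rel='stylesheet' id='{$handle}-css' href='{$href}' type='text/css' media='all' />\n";
}

// Same tag with the values escaped for attribute context.
// htmlspecialchars( ..., ENT_QUOTES ) is a stand-in for esc_attr().
function render_link_escaped( string $handle, string $href ): string {
	$id   = htmlspecialchars( $handle . '-css', ENT_QUOTES, 'UTF-8' );
	$href = htmlspecialchars( $href, ENT_QUOTES, 'UTF-8' );
	return "<link rel='stylesheet' id='{$id}' href='{$href}' type='text/css' media='all' />\n";
}

// Parse the tag and return the id attribute an HTML parser actually sees.
function parsed_id( string $tag ): ?string {
	$doc  = new DOMDocument();
	$prev = libxml_use_internal_errors( true ); // malformed markup is expected here
	$doc->loadHTML( '<html><head>' . $tag . '</head></html>' );
	libxml_clear_errors();
	libxml_use_internal_errors( $prev );
	$link = $doc->getElementsByTagName( 'link' )->item( 0 );
	return $link ? $link->getAttribute( 'id' ) : null;
}

// Constructed sample handles: two ordinary ones, one with a single quote,
// one with a double quote (harmless inside a single-quoted attribute).
$handles = array( 'twentyfourteen-style', 'my.plugin_style', "editor's-choice", 'a"b' );

foreach ( $handles as $handle ) {
	$want = $handle . '-css';
	foreach ( array( 'render_link_unescaped', 'render_link_escaped' ) as $render ) {
		$got    = parsed_id( $render( $handle, 'https://example.test/style.css' ) );
		$status = ( $got === $want ) ? 'id intact' : "id broken, parsed as '{$got}'";
		printf( "%-22s %-22s %s\n", $render, $handle, $status );
	}
}
```

Only the handle containing a single quote loses its id in the unescaped rendering; the escaped rendering round-trips every sample handle, which is the property a unit test for this ticket would want to pin down.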