[wp-trac] [WordPress Trac] #30036: Add some escaping to $handle when printing styles.
WordPress Trac
noreply at wordpress.org
Sun Oct 19 00:43:23 UTC 2014
#30036: Add some escaping to $handle when printing styles.
-----------------------------+------------------------------
Reporter: georgestephanis | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Script Loader | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
-----------------------------+------------------------------
Comment (by georgestephanis):
I'd be most comfortable if we used `esc_attr()` right before the output.
That has the least chance for breakage on backward compatibility if
someone's trying to call `wp_style_add_data()` on a funkily-named asset
that had previously worked -- and now suddenly doesn't.

If we were building the system from scratch and didn't have to worry about
backward compatibility, I'd probably also add one on when the dependency
is registered/enqueued, but still as we do tend to work off of globals,
would probably want the added security of `esc_attr()`'ing the output.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/30036#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
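
The trade-off discussed in the comment above, as an added example that is not part of the original message and not WordPress core code: a simplified registry that escapes the handle either only at output or also at registration. `DemoStyles`, `demo_esc_attr()` and the sample handle are hypothetical stand-ins, and the `<link>` markup is a simplified assumption about what the loader prints.

```php
<?php
// Stand-in for esc_attr() (assumption: htmlspecialchars() with ENT_QUOTES and no
// double-encoding is close enough for this demo; the real function does more).
function demo_esc_attr(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
}

// Hypothetical, simplified registry (PHP 8.0+ for constructor promotion).
final class DemoStyles {
    private array $registered = [];

    public function __construct(private bool $escapeOnRegister = false) {}

    public function add(string $handle, string $src): void {
        // Alternative under discussion: rewriting the handle here changes the lookup key.
        $key = $this->escapeOnRegister ? demo_esc_attr($handle) : $handle;
        $this->registered[$key] = ['src' => $src, 'extra' => []];
    }

    // Plays the role of wp_style_add_data(): finds the asset by the caller's handle.
    public function addData(string $handle, string $name, string $value): bool {
        if (!isset($this->registered[$handle])) {
            return false;
        }
        $this->registered[$handle]['extra'][$name] = $value;
        return true;
    }

    // Escape at the last moment, right before each value lands in an HTML attribute.
    public function linkTags(): string {
        $html = '';
        foreach ($this->registered as $handle => $style) {
            $html .= sprintf(
                "<link rel='stylesheet' id='%s-css' href='%s' media='%s' />\n",
                demo_esc_attr((string) $handle),
                demo_esc_attr($style['src']),
                demo_esc_attr($style['extra']['media'] ?? 'all')
            );
        }
        return $html;
    }
}

$handle = "acme's <main> sheet"; // constructed sample of a "funkily-named" handle
foreach ([false, true] as $escapeOnRegister) {
    $styles = new DemoStyles($escapeOnRegister);
    $styles->add($handle, '/css/main.css');
    var_dump($styles->addData($handle, 'media', 'print')); // lookup uses the raw handle
    echo $styles->linkTags();
}
```

Both passes print a safely escaped `id` attribute, but only the output-only pass still finds the asset by its original handle, which is the backward-compatibility concern raised in the comment.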