[wp-trac] [WordPress Trac] #33235: Drop strip_tags() for widget titles in forms
WordPress Trac
noreply at wordpress.org
Mon Aug 3 06:37:25 UTC 2015
#33235: Drop strip_tags() for widget titles in forms
--------------------------+------------------------------
 Reporter:  greenshady    |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Widgets       |     Version:  trunk
 Severity:  normal        |  Resolution:
 Keywords:                |     Focuses:
--------------------------+------------------------------
Comment (by greenshady):
Replying to [comment:2 westonruter]:
> I think `strip_tags()` is perhaps a legacy option where a newer more
> appropriate sanitizing function `sanitize_text_field()` is available now
> which strips tags in addition to doing a lot more, like trimming
> whitespace and ensuring valid encoding. In any case, we shouldn't be using
> `esc_attr()` for sanitizing input anyway.

This is not about sanitizing input. It's about escaping output.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/33235#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
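
The distinction discussed in the comment above, between stripping tags and escaping a value for output in a form attribute, shown as an added example that is not part of the original message or of WordPress core. `example_esc_attr()` is a stand-in for WordPress's `esc_attr()` built on PHP's `htmlspecialchars()` so the script runs without WordPress; the render functions and the sample title are hypothetical and constructed for illustration.

```php
<?php
// Stand-in for WordPress's esc_attr() (assumption: approximated with
// htmlspecialchars so this script runs outside WordPress).
function example_esc_attr(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical form renderer: tags are stripped, nothing is escaped.
function render_title_strip_only(string $title): string {
    return '<input type="text" name="title" value="' . strip_tags($title) . '">';
}

// Hypothetical form renderer: the stored value is escaped for the
// attribute context at output time and otherwise left untouched.
function render_title_escaped(string $title): string {
    return '<input type="text" name="title" value="' . example_esc_attr($title) . '">';
}

// Parse the markup the way an HTML parser would and return the value
// the input field actually ends up holding.
function parsed_value(string $html): ?string {
    libxml_use_internal_errors(true); // malformed markup is expected here
    $doc = new DOMDocument();
    $doc->loadHTML('<?xml encoding="UTF-8">' . $html);
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input ? $input->getAttribute('value') : null;
}

// Constructed sample: a stored widget title containing quotes and a tag.
$stored = 'Sale "50% off" <b>today</b>';

$renderers = [
    'strip_tags() only' => 'render_title_strip_only',
    'escaped on output' => 'render_title_escaped',
];

foreach ($renderers as $label => $render) {
    $html  = $render($stored);
    $value = parsed_value($html);
    echo "== {$label} ==\n";
    echo "markup:      {$html}\n";
    echo "field value: " . var_export($value, true) . "\n";
    echo "round-trips: " . ($value === $stored ? 'yes' : 'no') . "\n\n";
}
```

Running it with the PHP CLI (DOM extension enabled) prints, for each renderer, the generated markup, the value the field holds after parsing, and whether that value matches what was stored.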