[wp-trac] [WordPress Trac] #32812: Customizer Menus: Escaping inconsistencies
WordPress Trac
noreply at wordpress.org
Mon Jul 6 19:01:54 UTC 2015
#32812: Customizer Menus: Escaping inconsistencies
--------------------------+------------------------------
 Reporter:  swissspidy    |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Customize     |     Version:  trunk
 Severity:  normal        |  Resolution:
 Keywords:  needs-patch   |     Focuses:
--------------------------+------------------------------
Comment (by westonruter):
I suppose if anyone _is_ doing that, they're exploiting a bug. Maybe we
just fix the sanitization to strip tags and trim, as opposed to escape and
trim, and apply this in JS and PHP on the admin page and the Customizer.
If someone *is* trying to hack the menu name to include markup, they
should expect this hack to not be long for this world.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/32812#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
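
The two sanitization approaches named in the comment above, side by side, as an added example that is not part of the ticket or of WordPress core. The function names are hypothetical, the tag stripper is a simplified stand-in, and the menu names are constructed sample input.

```javascript
// Added example. Function names are hypothetical, not WordPress core APIs,
// and the menu names below are constructed sample input.

// Output-time escaping, as a template layer applies it on every render.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// "Escape and trim" at save time: entities end up in the stored value.
function sanitizeByEscaping(name) {
  return escapeHtml(name).trim();
}

// "Strip tags and trim" at save time: the stored value stays plain text.
// Simplified stand-in for a real tag stripper.
function sanitizeByStripping(name) {
  let out = String(name);
  let prev;
  do { // repeat until stable so removing one tag cannot splice another together
    prev = out;
    out = out
      .replace(/<(script|style)\b[^>]*>[\s\S]*?<\/\1\s*>/gi, '') // drop element and its body
      .replace(/<\/?[a-zA-Z!][^>]*(>|$)/g, '');                  // drop any other tag
  } while (out !== prev);
  return out.replace(/\s+/g, ' ').trim();
}

// Simulate the same name being saved several times, e.g. once from the
// admin page and once from the Customizer, each running the sanitizer.
function resave(sanitize, name, times) {
  let stored = name;
  for (let i = 0; i < times; i++) stored = sanitize(stored);
  return stored;
}

for (const name of ['  <b>Main</b> Menu ', 'Tom & Jerry']) {
  console.log(JSON.stringify(name));
  console.log('  escape x2:', resave(sanitizeByEscaping, name, 2));
  console.log('  strip  x2:', resave(sanitizeByStripping, name, 2));
}
```

Stripping at save time does not replace `escapeHtml` at output; it keeps the stored name free of entities, so repeated saves and every screen that renders it agree on the same text.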