[wp-trac] [WordPress Trac] #32556: Clarify behaviour of esc_attr() with respect to HTML entities
WordPress Trac
noreply at wordpress.org
Wed Jun 3 06:33:05 UTC 2015
#32556: Clarify behaviour of esc_attr() with respect to HTML entities
--------------------------+----------------------
 Reporter:  leewillis77   |       Owner:
     Type:  defect (bug)  |      Status:  closed
 Priority:  normal        |   Milestone:
Component:  Formatting    |     Version:
 Severity:  normal        |  Resolution:  invalid
 Keywords:                |     Focuses:
--------------------------+----------------------
Comment (by leewillis77):
Hi,

I'm aware it's a fine line between bug and support, but please consider
re-opening this - rationale below.

The reason I opened it as a bug, is because esc_attr() is interfering with
the string it is passed in undocumented ways. At the very least, that's a
documentation bug, ideally it just shouldn't do it - although I appreciate
that's probably difficult.

According to the documentation, all three of these '''should''' return the
same string, however the versions that include esc_attr() return different
output to the non-esc_attr() version.
{{{
htmlspecialchars('»') // Returns »
}}}
{{{
esc_attr(htmlspecialchars('»')); // Returns »
}}}
{{{
esc_attr('»'); // Returns »
}}}
The &amp; passed into esc_attr is being decoded to & when it should not
be. I presume this is part of esc_attr() trying to make sure it's not
double-encoding things, but it should not decode if the encoding was part
of the source string.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/32556#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
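
The behaviour the comment describes can be reproduced outside WordPress. The following is an added example, not code from the ticket or from WordPress core: it assumes PHP's htmlspecialchars() with its double_encode flag set to false as a stand-in for an escaper that avoids double-encoding, and checks which constructed sample strings survive an escape-then-parse round trip. The helper names are hypothetical.

```php
<?php
// Added illustration, not WordPress code. htmlspecialchars() with
// $double_encode = false stands in (assumption) for an escaper that
// leaves existing entities alone instead of encoding their "&" again.

function escape_attr(string $text, bool $double_encode): string {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8', $double_encode);
}

// The value an HTML parser recovers from the escaped attribute.
function parsed_value(string $escaped): string {
    return html_entity_decode($escaped, ENT_QUOTES, 'UTF-8');
}

// True when the parser gets back exactly the text that was escaped.
function round_trips(string $text, bool $double_encode): bool {
    return parsed_value(escape_attr($text, $double_encode)) === $text;
}

// Constructed sample inputs: plain text, markup characters, and two
// strings that already look like entities.
$samples = [
    'Tom & Jerry',
    '"quoted" <b>',
    '&raquo;',
    '&amp;raquo;',
];

foreach ($samples as $text) {
    foreach ([true, false] as $double_encode) {
        printf(
            "%-14s double_encode=%-5s escaped=%-24s round-trips=%s\n",
            $text,
            var_export($double_encode, true),
            escape_attr($text, $double_encode),
            round_trips($text, $double_encode) ? 'yes' : 'no'
        );
    }
}
```

With double_encode disabled, any input that already looks like an entity is passed through unchanged, so the parser recovers a different string from the one supplied; text that must appear literally as an entity has to be encoded once before it reaches such an escaper.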