[wp-trac] [WordPress Trac] #31303: Add theme-browsing and theme-switching to the Customizer
WordPress Trac
noreply at wordpress.org
Tue Mar 3 05:46:48 UTC 2015
#31303: Add theme-browsing and theme-switching to the Customizer
------------------------------+--------------------------
Reporter: celloexpressions | Owner: markjaquith
Type: task (blessed) | Status: closed
Priority: normal | Milestone: 4.2
Component: Customize | Version: trunk
Severity: normal | Resolution: fixed
Keywords: has-patch | Focuses: ui
------------------------------+--------------------------
Comment (by dd32):
Replying to [comment:8 westonruter]:
> Replying to [comment:7 ocean90]:
> > Replying to [comment:6 westonruter]:
> > > Attached [attachment:31303.3.diff] with some fixes for jshint and
some improvements to escaping.
> >
> > We don't escape translations like that.
>
> Why not? Isn't it generally a good idea in the case of malicious POT
files?
Basically we generally trust the translations, and don't waste the extra
time in processing their contents.
There's a lot of strings in WordPress, and unless we're going to change
them all, there's little point in changing a few, when you combine that
with the fact a string may legitimately have HTML in it, you suddenly get
to a point where if a malicious translation wants to affect the screen, it
just means it has to target a specific string on the page, rather than the
other 20.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/31303#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list