[wp-trac] [WordPress Trac] #41921: add esc_html before the admin title display
WordPress Trac
noreply at wordpress.org
Wed Sep 20 11:25:05 UTC 2017
#41921: add esc_html before the admin title display
----------------------------+------------------------------
Reporter: lalitpendhare | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version:
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
----------------------------+------------------------------
Comment (by subrataemfluence):
Hello @lalitpendhare, I agree with @SergeyBiryukov specially in the
context of present coding pattern.
{{{
$admin_title = apply_filters( 'admin_title', $admin_title, $title );
}}}
Although the above line has `apply_filters` applied, the '''extra
content''' parameter `$admin_title` is already being outputted using an
`esc_html` above and not changing in between before this line is executed.
So adding another `esc_html` will be kind of useless.
However, as @adnan.limdi mentioned, because there is an `apply_filters`
and in future releases there could be a chance of `$admin_title` value
gets change before the line in question, it is always safe to have
`esc_html` applied at the point where the actual output is generated.
I personally feel what @lalitpendhare has recommended is good to integrate
as an enhancement.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/41921#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list