[wp-trac] [WordPress Trac] #44916: Add escape in walker nav menu title
WordPress Trac
noreply at wordpress.org
Mon Jun 10 14:37:55 UTC 2019
#44916: Add escape in walker nav menu title
----------------------------------------------+----------------------------
Reporter: harshall | Owner: welcher
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: Awaiting
| Review
Component: Menus | Version:
Severity: normal | Resolution:
Keywords: has-patch needs-unit-tests close | Focuses:
----------------------------------------------+----------------------------
Changes (by SergeyBiryukov):
* keywords: has-patch needs-unit-tests => has-patch needs-unit-tests close
* milestone: 5.2.2 => Awaiting Review
Comment:
Historically, HTML is allowed in titles, see discussions in #4789, #14361,
#22436.
Markup is allowed in post titles and it gets sanitized by KSES, meaning
users without the `unfiltered_html` capability are limited to tags such as
`<strong>`, `<em>`, and a few others.
If we do decide to reconsider this, there are multiple places where titles
are not escaped, but at least `Walker_Page` should be updated for
consistency.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44916#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list