[wp-trac] [WordPress Trac] #44988: The sanitize_html_class() is deceptive / "buggy"
WordPress Trac
noreply at wordpress.org
Fri Sep 11 10:12:33 UTC 2020
#44988: The sanitize_html_class() is deceptive / "buggy"
----------------------------+------------------------------
Reporter: ChiefAlchemist | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Formatting | Version: 4.9.6
Severity: normal | Resolution:
Keywords: | Focuses:
----------------------------+------------------------------
Comment (by ChiefAlchemist):
Replying to [comment:4 lgedeon]:
>
> If a significant number of plugins or themes outside core are relying on
> sanitize_html_class() being wrong, however, then we might just have to
> leave this alone.
>
Can you give an example of this? Ultimately, the issue here is that a
class is passing "validation" that is not valid. How would someone go
about using something that's "against the law"? And if so, is that a good
thing?
That said, an arg (bool?) could be added to the function such that the
default is the current but the opposite would be able to actually do what
the function says it does.
Now we have:
sanitize_html_class( $my_string)
Next, we could have:
sanitize_html_class( $my_string, true)
Where true is the new & improved full-powered function, and the default of
false bypasses the new fix. This should maintain backward compatibility
and also allow the function to do what it promised to do. The extra arg is
friction but it's better than such an obvious bug remaining in core.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44988#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform