[wp-trac] [WordPress Trac] #40401: Value of data-colname in wp-list-table is not escaped

WordPress Trac noreply at wordpress.org
Tue May 18 03:15:54 UTC 2021


#40401: Value of data-colname in wp-list-table is not escaped
------------------------------+-----------------------
 Reporter:  rellect           |       Owner:  (none)
     Type:  defect (bug)      |      Status:  reopened
 Priority:  normal            |   Milestone:  5.8
Component:  Administration    |     Version:  4.3
 Severity:  normal            |  Resolution:
 Keywords:  has-patch commit  |     Focuses:
------------------------------+-----------------------

Comment (by Hareesh Pillai):

 Thanks for the refresh, @audrasjb.

 I notice a few other instances of `wp_strip_all_tags()` used without
 escaping. In the [https://core.trac.wordpress.org/browser/trunk/src/wp-
 admin/includes/class-wp-screen.php#L1180 class-wp-screen] file, for
 instance.
 Should we handle those cases as well?

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/40401#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list