[wp-trac] [WordPress Trac] #40401: Value of data-colname in wp-list-table is not escaped
WordPress Trac
noreply at wordpress.org
Tue May 18 03:15:54 UTC 2021
#40401: Value of data-colname in wp-list-table is not escaped
------------------------------+-----------------------
Reporter: rellect | Owner: (none)
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: 5.8
Component: Administration | Version: 4.3
Severity: normal | Resolution:
Keywords: has-patch commit | Focuses:
------------------------------+-----------------------
Comment (by Hareesh Pillai):
Thanks for the refresh, @audrasjb.
I notice a few other instances of `wp_strip_all_tags()` used without
escaping. In the [https://core.trac.wordpress.org/browser/trunk/src/wp-
admin/includes/class-wp-screen.php#L1180 class-wp-screen] file, for
instance.
Should we handle those cases as well?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40401#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list