[wp-trac] [WordPress Trac] #56158: I've found an unescaped 'src' of an 'img' tag in 'wp-content/themes/twentyfourteen/header.php' in line no 39. I think it should be escaped
WordPress Trac
noreply at wordpress.org
Wed Jul 6 12:18:23 UTC 2022
#56158: I've found an unescaped 'src' of an 'img' tag in
'wp-content/themes/twentyfourteen/header.php' in line no 39. I think it should
be escaped
---------------------------+-------------------------------
 Reporter:  mahbubshovan   |       Owner:  sergeybiryukov
     Type:  defect (bug)   |      Status:  closed
 Priority:  normal         |   Milestone:
Component:  Bundled Theme  |     Version:  trunk
 Severity:  normal         |  Resolution:  invalid
 Keywords:                 |     Focuses:  coding-standards
---------------------------+-------------------------------
Comment (by audrasjb):
Hello and welcome to WordPress Core Trac!
Thanks @mahbubshovan for opening the ticket and thanks @amitbarai013 for
the patch.
However, I'm not sure this is really needed since `header_image()` already
uses `esc_url()` on the returned string.
Source code:
https://github.com/WordPress/wordpress-develop/blob/6.0/src/wp-includes/theme.php#L1397-L1403
Also, the url returned by `header_image()` is not filterable, so it looks
like the string can't be altered.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56158#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
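
A triage check that follows from the comment above, as an added example (not part of the ticket or of WordPress core): it audits PHP-filled HTML attributes in a template and separates values wrapped in `esc_url()`/`esc_attr()`, calls to template tags known to escape internally, and everything else. The names `classify` and `audit`, the allow-list (only `header_image()` is confirmed by the comment) and the sample template are assumptions constructed for illustration.

```python
import re

# Escaping wrappers accepted when a value is echoed into an attribute.
ESCAPERS = {"esc_url", "esc_attr"}
# Template tags that escape internally before echoing. Only header_image()
# is confirmed by the ticket comment; read a function's source before adding it.
SELF_ESCAPING = {"header_image"}

ATTR_PHP = re.compile(r'([\w-]+)="<\?php\s+(.*?)\s*;?\s*\?>"', re.S)
CALL = re.compile(r"(echo\s+)?(\w+)\s*\(")

def _call_spans_expr(expr, open_idx):
    """True if the parenthesis at open_idx closes on the last character
    (heuristic: parentheses inside string literals are not handled)."""
    depth = 0
    for i in range(open_idx, len(expr)):
        if expr[i] == "(":
            depth += 1
        elif expr[i] == ")":
            depth -= 1
            if depth == 0:
                return i == len(expr) - 1
    return False

def classify(expr):
    m = CALL.match(expr)
    # Anything concatenated outside the outermost call is not covered by it.
    if not m or not _call_spans_expr(expr, m.end() - 1):
        return "review"
    echoed, fn = bool(m.group(1)), m.group(2)
    if echoed and fn in ESCAPERS:
        return "escaped"
    if not echoed and fn in SELF_ESCAPING:
        return "self-escaping"
    return "review"

def audit(template):
    """Return (line, attribute, php_expression, verdict) per PHP-filled attribute."""
    return [(template.count("\n", 0, m.start()) + 1, m.group(1), m.group(2),
             classify(m.group(2))) for m in ATTR_PHP.finditer(template)]

# Constructed sample template, not the actual twentyfourteen header.php.
SAMPLE = """<a href="<?php echo esc_url( home_url( '/' ) ); ?>">
<img src="<?php header_image(); ?>" alt="<?php echo esc_attr( get_bloginfo( 'name', 'display' ) ); ?>">
<img src="<?php echo get_header_image(); ?>">
<a href="<?php echo esc_url( $base ) . $suffix; ?>">
"""

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

Only the "review" rows need a human look; a "self-escaping" verdict is only as trustworthy as the allow-list behind it.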