[wp-trac] [WordPress Trac] #57165: Add escaping in widget archives page
WordPress Trac
noreply at wordpress.org
Mon Nov 21 13:24:16 UTC 2022
#57165: Add escaping in widget archives page
--------------------------+----------------------
Reporter: jaedm97 | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Widgets | Version:
Severity: normal | Resolution: invalid
Keywords: | Focuses:
--------------------------+----------------------
Changes (by ocean90):
* keywords: has-patch =>
* status: new => closed
* version: trunk =>
* resolution: => invalid
* milestone: Awaiting Review =>
Comment:
Hello there, `$title` can contain HTML depending on whether the widget's
`before_title`/`after_title` arguments are set.
The title as entered by the user is already escaped through the
`widget_title` filter and `esc_html()`, see
https://core.trac.wordpress.org/browser/tags/6.1.1/src/wp-includes
/default-filters.php?desc=1#L149.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57165#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list