[wp-trac] [WordPress Trac] #58127: Bundled themes: Add escaping for get_search_query()
WordPress Trac
noreply at wordpress.org
Thu Aug 22 18:31:07 UTC 2024
#58127: Bundled themes: Add escaping for get_search_query()
---------------------------+------------------------------
Reporter: himshekhar07 | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Bundled Theme | Version:
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
---------------------------+------------------------------
Comment (by sabernhardt):
Testing the pull request with each theme:
1. Create a post with an HTML tag in its title (for example, "First line
<br>Second line"). If your site does not already have a search form, you
could add a Search block to the post.
2. Publish the post and refresh the editor.
3. Verify that the block editor uses the title's HTML tag as HTML. If you
still see "<br>" in the title, you may need to visit the Posts list and
use Quick Edit.
4. Visit the site, and enter your post title in the search form so it
returns a result.
5. View the search results page's HTML source and find the `h1` element.
It should have `&lt;` in place of `<` and `&gt;` instead of `>`. If you
activate the attached plugin with the current PR applied, you should find
`|esc_html|` but not `|esc_attr|`.
Twenty Twenty-One has an additional instance of `get_search_query()` in
its `content-none` template. To test that, enter a search query that would
return zero results (for example, "Unfindable <br>search query").
--
Ticket URL: <https://core.trac.wordpress.org/ticket/58127#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
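
Step 5 of the procedure in the comment above can be scripted. This is an added example, not part of the original comment or of any WordPress code: it parses a search-results fragment and checks that the query's `<br>` appears as literal text inside the first `h1` rather than as a rendered element. The sample markup, class name and function names are constructed assumptions.

```python
from html.parser import HTMLParser

# Constructed fragments for illustration (not real theme output).
QUERY = "First line <br>Second line"
ESCAPED_PAGE = ('<header><h1 class="page-title">Results for "<span>'
                'First line &lt;br&gt;Second line</span>"</h1></header>')
UNESCAPED_PAGE = ('<header><h1 class="page-title">Results for "<span>'
                  'First line <br>Second line</span>"</h1></header>')


class H1Collector(HTMLParser):
    """Collect the decoded text and child element names of the first <h1>."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.in_h1 = False
        self.done = False
        self.text = []
        self.child_tags = []

    def handle_starttag(self, tag, attrs):
        if self.done:
            return
        if tag == "h1" and not self.in_h1:
            self.in_h1 = True
        elif self.in_h1:
            # Themes may wrap the query in a <span>; record every child tag.
            self.child_tags.append(tag)

    def handle_endtag(self, tag):
        if tag == "h1" and self.in_h1:
            self.in_h1 = False
            self.done = True

    def handle_data(self, data):
        if self.in_h1:
            self.text.append(data)


def check_search_heading(page_html, query, injected_tag="br"):
    """Report whether the query is shown as text or rendered as markup."""
    parser = H1Collector()
    parser.feed(page_html)
    parser.close()
    return {
        # Entities decode back to the typed query only if it was escaped.
        "query_shown_literally": query in "".join(parser.text),
        # An element named after the injected tag means it reached the DOM.
        "tag_rendered_as_element": injected_tag in parser.child_tags,
    }
```

A heading passes when `query_shown_literally` is true and `tag_rendered_as_element` is false; a legitimate wrapper such as `<span>` does not affect the result.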