[wp-trac] [WordPress Trac] #23334: Use the proper function to escape WP.org links
WordPress Trac
noreply at wordpress.org
Tue Jan 2 13:18:47 UTC 2024
#23334: Use the proper function to escape WP.org links
----------------------------+-----------------------------
Reporter: SergeyBiryukov | Owner: SergeyBiryukov
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 3.6
Component: Formatting | Version:
Severity: normal | Resolution: fixed
Keywords: has-patch | Focuses:
----------------------------+-----------------------------
Comment (by merdurano):
In Word Press, it's important to properly escape and sanitize any data
that is outputted to the web page, especially when dealing with URLs. To
escape a URL in WordPress, you should use the esc_url() function. Here's
how you can modify your code to use esc_url():
{{{#!php
<?php
<a href="<?php echo esc_url( 'http://wordpress.org/' ); ?>"><?php _e(
'WordPress' ); ?></a>
}}}
In this modified code, we've replaced esc_attr_e() with esc_url() to
properly escape the URL
--
Ticket URL: <https://core.trac.wordpress.org/ticket/23334#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list