[wp-trac] [WordPress Trac] #60324: Add missing esc_html()
WordPress Trac
noreply at wordpress.org
Fri Jan 26 06:42:55 UTC 2024
#60324: Add missing esc_html()
--------------------------+-------------------------------
Reporter: nareshbheda | Owner: audrasjb
Type: defect (bug) | Status: reviewing
Priority: normal | Milestone: Awaiting Review
Component: Customize | Version:
Severity: normal | Resolution:
Keywords: has-patch | Focuses: coding-standards
--------------------------+-------------------------------
Comment (by shailu25):
There is another instance of this on **Line 80 in wp-includes/customize
/class-wp-customize-nav-menu-location-control.php**
{{{
echo '<option value="' . esc_attr( $value ) . '"' . selected(
$this->value(), $value, false ) . '>' . $label . '</option>';
}}}
It should be
{{{
echo '<option value="' . esc_attr( $value ) . '"' . selected(
$this->value(), $value, false ) . '>' . esc_html( $label ) . '</option>';
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60324#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list