Skip to:

Opened 9 years ago

Closed 9 years ago

Last modified 8 years ago

#6390 closed defect (bug) (fixed)

Nested escaping

Reported by: johnjamesjacoby's profile johnjamesjacoby Owned by: johnjamesjacoby's profile johnjamesjacoby
Milestone: 2.3 Priority: normal
Severity: normal Version: 1.5
Component: Core Keywords: commit


There are a few places where calls to esc_url() are immediately and unnecessarily escaped again with esc_attr().

Imminent patch will clean these up for trunk.

Attachments (1)

6390.01.patch (1.9 KB) - added by johnjamesjacoby 9 years ago.

Download all attachments as: .zip

Change History (3)

#1 @johnjamesjacoby
9 years ago

  • Owner set to johnjamesjacoby
  • Resolution set to fixed
  • Status changed from new to closed

In 9791:

The esc_url() function does an adequate job of preparing URLs for output to the browser; there is no need to also call esc_attr() on the results. Fixes #6390.

#2 @DJPaul
8 years ago

  • Component changed from Tools - Code Improvement to Core
Note: See TracTickets for help on using tickets.