[buddypress-trac] [BuddyPress Trac] #6990: Escape HTML in RSS Feeds

buddypress-trac noreply at wordpress.org
Sun May 29 19:09:20 UTC 2016


#6990: Escape HTML in RSS Feeds
----------------------------------+---------------------
 Reporter:  danbrellis            |       Owner:  djpaul
     Type:  defect (bug)          |      Status:  closed
 Priority:  high                  |   Milestone:  2.6
Component:  Component - Activity  |     Version:  2.5.0
 Severity:  normal                |  Resolution:  fixed
 Keywords:                        |
----------------------------------+---------------------

Comment (by johnjamesjacoby):

 Replying to [comment:2 DJPaul]:
 > Team: should we be, as standard, filtering the likes of
 `bp_get_activity_thread_permalink` with a hooked escaping function?
 Yes. As a general rule, our `_get_` functions are unescaped, but their
 equivalent `echo` functions should output properly sanitized and
 trustworthy values.

--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6990#comment:5>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac


More information about the buddypress-trac mailing list