[buddypress-trac] [BuddyPress Trac] #7656: Update `bp_new_group_invite_friend_list` for new $args to support full list markup
buddypress-trac
noreply at wordpress.org
Wed Jan 17 12:18:54 UTC 2018
#7656: Update `bp_new_group_invite_friend_list` for new $args to support full list
markup
-------------------------+------------------
 Reporter:  hnla         |       Owner:
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  3.0
Component:  Groups       |     Version:
 Severity:  normal       |  Resolution:
 Keywords:  has-patch    |
-------------------------+------------------
Comment (by DJPaul):
Any developer can pass any value to any function. We all know that. That's
why we're so careful with sanitising user-supplied data, because it could
be anything.

If there's no way to inject a value into a unit of code at runtime (be
that a search form value, or the result of an API request, or data from an
RSS feed, etc), then it's safe -- at least from this very specific
perspective.

We don't need to harden BuddyPress against developers making poor choices
with how they write their code (i.e. making up their own HTML elements).
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7656#comment:5>
BuddyPress Trac <http://buddypress.org/>