[wp-trac] [WordPress Trac] #11040: esc_attr() doesn't strip HTML tags

WordPress Trac wp-trac at lists.automattic.com
Tue Oct 27 17:51:02 UTC 2009


#11040: esc_attr() doesn't strip HTML tags
------------------------------+---------------------------------------------
 Reporter:  kingjeffrey       |        Type:  defect (bug)
   Status:  new               |    Priority:  normal      
Milestone:  2.9               |   Component:  Formatting  
  Version:                    |    Severity:  normal      
 Keywords:  has-patch commit  |  
------------------------------+---------------------------------------------

Comment(by scribu):

 Textareas and inputs should use esc_html() instead. Besides that, when is
 it useful to have escaped html in an attribute?

 Besides, esc_attr() and esc_html() are currently ''identical''. So what's
 the point of having two functions that do the same thing?

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/11040#comment:6>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

