[wp-trac] [WordPress Trac] #25422: Don't escape plugin author field when deleting plugin
WordPress Trac
noreply at wordpress.org
Fri Sep 27 09:53:36 UTC 2013
#25422: Don't escape plugin author field when deleting plugin
----------------------------+------------------------------
Reporter: johnbillion | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version:
Severity: minor | Resolution:
Keywords: has-patch |
----------------------------+------------------------------
Comment (by johnbillion):
On the Plugins screen we display the author field without escaping it
(conditionally wrapped in a link to AuthorURI if it's present). This means
we have disparity between the Plugins screen and the plugin deletion
confirmation screen.
On both screens, the plugin data passes through KSES with a restrictive
set of tags in `_get_plugin_data_markup_translate()`.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25422#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list