[buddypress-trac] [BuddyPress Trac] #6990: Escape HTML in RSS Feeds

buddypress-trac noreply at wordpress.org
Thu Mar 31 21:15:19 UTC 2016

#6990: Escape HTML in RSS Feeds
 Reporter:  danbrellis            |      Owner:
     Type:  defect (bug)          |     Status:  new
 Priority:  normal                |  Milestone:  Awaiting Review
Component:  Component - Activity  |    Version:  2.5.0
 Severity:  normal                |   Keywords:
 In my theme I have a filter that appends a query string (via
 append_query_string()) to an activity's primary_link that is stored in the
 database. As a result, when I visit www.example.org/groups/mygroup/feed, I
 get an error:

 error on line X at column X: EntityRef: expecting ';'

 After some digging, this is caused as a result of the query string in the
 <link> element that has unescaped ampersands. I've found that applying
 this to my functions.php file fixes the problem.

 function my_theme_bp_get_activity_thread_permalink($link){
   return esc_url($link);

 What I'm wondering is if esc_url() should be applied to
 bp_get_activity_thread_permalink() or where the <link> is output in the
 BP_Activity_Feed class or if it's just me.

Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6990>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac

More information about the buddypress-trac mailing list