[buddypress-trac] [BuddyPress Trac] #6990: Escape HTML in RSS Feeds
buddypress-trac
noreply at wordpress.org
Sun May 29 19:09:20 UTC 2016
#6990: Escape HTML in RSS Feeds
----------------------------------+---------------------
Reporter: danbrellis | Owner: djpaul
Type: defect (bug) | Status: closed
Priority: high | Milestone: 2.6
Component: Component - Activity | Version: 2.5.0
Severity: normal | Resolution: fixed
Keywords: |
----------------------------------+---------------------
Comment (by johnjamesjacoby):
Replying to [comment:2 DJPaul]:
> Team: should we be, as standard, filtering the likes of
`bp_get_activity_thread_permalink` with a hooked escaping function?
Yes. As a general rule, our `_get_` functions are unescaped, but their
equivalent `echo` functions should output properly sanitized and
trustworthy values.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6990#comment:5>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list