[buddypress-trac] [BuddyPress Trac] #7656: Update `bp_new_group_invite_friend_list` for new $args to support full list markup
buddypress-trac
noreply at wordpress.org
Wed Jan 17 11:37:19 UTC 2018
#7656: Update `bp_new_group_invite_friend_list` for new $args to support full list
markup
-------------------------+------------------
Reporter: hnla | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 3.0
Component: Groups | Version:
Severity: normal | Resolution:
Keywords: has-patch |
-------------------------+------------------
Comment (by hnla):
>not be escaped and just accept whatever it's given?
>rely on people passing the entire element e.g. <h3 class="yolo"> which is
what the widgets code does
We certainly can do, however does this not present 'opportunities' do we
not worry about what string may be passed through, if we have no
particular security concerns I would be happy to just let the dev pass in
what they need i.e `'<ul class="invite-friends-list">'`
I'll think on more about this and other BP core examples.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7656#comment:4>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list