[wp-trac] [WordPress Trac] #48117: onclick attribute is not properly escaped in the _render_item method of WP_Admin_Bar class.
WordPress Trac
noreply at wordpress.org
Mon Oct 28 11:19:45 UTC 2019
#48117: onclick attribute is not properly escaped in the _render_item method of
WP_Admin_Bar class.
--------------------------+-----------------------------
Reporter: tmatsuur | Owner: whyisjake
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: Future Release
Component: Toolbar | Version: 5.2.3
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
--------------------------+-----------------------------
Changes (by dinhtungdu):
* keywords: needs-patch => has-patch
Comment:
[attachment:"48117.diff"] escapes `onclick` attribute properly and
prevents duplicated rendering of `onclick` when the `href` attribute
presents.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/48117#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list