[wp-trac] [WordPress Trac] #56655: add_menu_page - escaping $page_title, $menu_title
WordPress Trac
noreply at wordpress.org
Mon Sep 26 08:26:59 UTC 2022
#56655: add_menu_page - escaping $page_title, $menu_title
-------------------------+-----------------------------
Reporter: soupia18 | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Menus | Version:
Severity: critical | Keywords:
Focuses: |
-------------------------+-----------------------------
Just wondering - shouldn't something like below, be escaped before the
output?
{{{#!php
<?php
add_menu_page(
__('<script>alert("hi1")</script>Page Title','text-domain'),
__('<script>alert("hi2")</script>Menu Title','text-domain'),
'manage_options',
'menu-slug',
array($this, 'my_callback'),
'dashicons-images-alt2',
);
}}}
Custom Post Types labels are going through escaping, but adding admin
menus like above, it doesn't.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56655>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list