[wp-trac] [WordPress Trac] #58303: Escape $columns_css variable in dashboard widget
WordPress Trac
noreply at wordpress.org
Mon May 22 07:02:10 UTC 2023
#58303: Escape $columns_css variable in dashboard widget
-----------------------------------+-------------------------------
Reporter: mahamudur78 | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version:
Severity: normal | Resolution:
Keywords: has-patch 2nd-opinion | Focuses: coding-standards
-----------------------------------+-------------------------------
Comment (by hbhalodia):
Hi @SergeyBiryukov @nazmulhudadev, I have added another patch for this
which uses the core `sanitize_html_class`
https://developer.wordpress.org/reference/functions/sanitize_html_class/
function to properly sanitize the HTML class. I think we should use this
function instead of any escaping function, as we are using it as a class.
Hence, this would be a proper sanitization function being used in the
context.
Thanks.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/58303#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
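
The difference between escaping a value for an attribute and sanitizing it as a class name, as an added example that is not part of the ticket or of WordPress core. `demo_sanitize_html_class()` and `demo_esc_attr()` are simplified stand-ins written for this illustration so it runs without WordPress loaded, and the `demo-holder` class and the sample values are constructed.

```php
<?php
// Added illustration, not WordPress core code. Both helpers are simplified
// stand-ins (assumptions) so the script runs without WordPress loaded.

// Stand-in for sanitize_html_class(): drop percent-encoded octets, then keep
// only A-Z, a-z, 0-9, "_" and "-". Core additionally accepts a fallback
// value and passes the result through a filter; both are omitted here.
function demo_sanitize_html_class(string $class): string {
    $class = preg_replace('/%[a-fA-F0-9]{2}/', '', $class);
    return preg_replace('/[^A-Za-z0-9_-]/', '', $class);
}

// Stand-in for an attribute-escaping function: encode HTML-special
// characters and leave everything else, including spaces, in place.
function demo_esc_attr(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed sample values for a token appended to an existing class list.
$samples = [
    'columns-2',              // plain class token
    ' columns-2',             // token carrying its own leading separator
    'columns-2 extra',        // two tokens in one value
    'columns-2" data-x="1',   // value containing a quote
];

foreach ($samples as $value) {
    printf("input     : [%s]\n", $value);
    // Escaping: the quote is encoded, but spaces survive, so the value
    // can still contribute more than one class token.
    printf("escaped   : class=\"demo-holder %s\"\n", demo_esc_attr($value));
    // Sanitizing: always a single token; whitespace and quotes are removed.
    printf("sanitized : class=\"demo-holder %s\"\n\n", demo_sanitize_html_class($value));
}
```

Because the sanitized result never contains whitespace, the space that separates it from the preceding class has to be written by the template itself, not carried inside the variable.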