[wp-trac] [WordPress Trac] #62545: Adminbar title not escaped
WordPress Trac
noreply at wordpress.org
Tue Nov 26 06:15:26 UTC 2024
#62545: Adminbar title not escaped
-------------------------------+------------------------------
Reporter: kkmuffme | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Toolbar | Version:
Severity: minor | Resolution:
Keywords: close 2nd-opinion | Focuses:
-------------------------------+------------------------------
Comment (by sabernhardt):
The `wp_kses_post()` function does not fit either. It would change `&` to
`&amp;`, but it would also break the search node (the screenshot shows the
front end without a search icon). The
[https://github.com/WordPress/wordpress-develop/blob/75c587f022116c17d03bbbf56b8e4db42ed1ebf4/src/wp-includes/kses.php#L68 default KSES post array]
does not allow `form` or `input` elements, and the filter could remove
other elements that plugins rely on.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62545#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
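
The behaviour described in the comment above, as an added example that is not part of the ticket or of WordPress core: it passes a toolbar-style title through `wp_kses_post()` and then through `wp_kses()` with an allowlist extended for `form` and `input`. The sample markup, the `$samples` and `$allowed` names and the attribute choices are constructed for illustration, and the script assumes a loaded WordPress environment (for example `wp eval-file`).

```php
<?php
// Added example; run inside WordPress, e.g. `wp eval-file kses-toolbar-demo.php`.

// Constructed samples: a plain title with a bare ampersand, and markup
// resembling a toolbar search node (written for this example, not copied from core).
$samples = array(
	'plain'  => 'Tom & Jerry',
	'search' => '<form action="/" method="get" id="adminbarsearch">'
		. '<input class="adminbar-input" name="s" type="text" value="" maxlength="150" />'
		. '<label for="adminbar-search" class="screen-reader-text">Search</label>'
		. '<input type="submit" class="adminbar-button" value="Search" />'
		. '</form>',
);

// Start from the default post allowlist and add only the two elements the
// search node needs, each with an explicit attribute list. Event-handler
// attributes are not listed, so KSES drops them.
$allowed          = wp_kses_allowed_html( 'post' );
$allowed['form']  = array(
	'action' => true,
	'method' => true,
	'id'     => true,
	'class'  => true,
);
$allowed['input'] = array(
	'type'      => true,
	'name'      => true,
	'value'     => true,
	'id'        => true,
	'class'     => true,
	'maxlength' => true,
);

foreach ( $samples as $name => $title ) {
	// wp_kses_post(): entities are normalized, and elements missing from
	// the post allowlist (here form and input) are stripped.
	$post_filtered = wp_kses_post( $title );

	// wp_kses() with the extended allowlist keeps form and input but still
	// removes any element or attribute that is not listed.
	$extended_filtered = wp_kses( $title, $allowed );

	printf( "[%s]\n  input:    %s\n  post:     %s\n  extended: %s\n", $name, $title, $post_filtered, $extended_filtered );
}
```

The extended allowlist keeps the search form intact, but any other element a plugin places in a node title and that is not listed is still removed, which is the compatibility concern the comment raises.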