[wp-trac] [WordPress Trac] #63071: Getting All output should be run through an escaping function error into the WordPress core files.
WordPress Trac
noreply at wordpress.org
Fri Mar 7 20:40:38 UTC 2025
#63071: Getting All output should be run through an escaping function error into
the WordPress core files.
-------------------------------------------------+-------------------------
Reporter: viralsampat | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Resolution:
Keywords: dev-feedback needs-testing changes-requested | Focuses: coding-standards
-------------------------------------------------+-------------------------
Changes (by audrasjb):

 * keywords: dev-feedback needs-testing => dev-feedback needs-testing changes-requested
 * version: trunk =>

Comment:

@viralsampat thanks for the patch, however I found at least one occurrence
that will break the content displayed by the variable:
`<?php echo esc_html( $help_sidebar ); ?>`

`$help_sidebar` can contain HTML content as mentioned in the related
Docblock - see function `set_help_sidebar()`:
`@param string $content Sidebar content in plain text or HTML.`

The other occurrences in your patch need to be checked as well.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/63071#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform