[wp-trac] [WordPress Trac] #65076: Missing escaping in title tag
WordPress Trac
noreply at wordpress.org
Wed Apr 15 05:27:34 UTC 2026
#65076: Missing escaping in title tag
------------------------------------+-------------------------------
Reporter: maheshpatel | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version:
Severity: normal | Resolution:
Keywords: has-patch | Focuses: coding-standards
------------------------------------+-------------------------------
Description changed by dd32:
Old description:
> **Missing escaping in `<title>` tag** ⭐ TOP PICK
> - **File:** [src/wp-login.php](src/wp-login.php#L97)
> - **Line:** 97
> - **Problem:** `<title>` tag outputs `$login_title` without escaping.
> Special characters could break HTML structure.
> - **Severity:** Security best practice
> - **Current Code:**
>
> <title><?php echo $login_title; ?></title>
>
> - **Fix:**
>
> <title><?php echo esc_html( $login_title ); ?></title>
New description:
**Missing escaping in `<title>` tag** ⭐ TOP PICK
- **File:** [src/wp-login.php](src/wp-login.php#L97)
- **Line:** 97
- **Problem:** `<title>` tag outputs `$login_title` without escaping.
Special characters could break HTML structure.
- **Severity:** Security best practice
- **Current Code:**
{{{
<title><?php echo $login_title; ?></title>
}}}
- **Fix:**
{{{
<title><?php echo esc_html( $login_title ); ?></title>
}}}
--
--
Ticket URL: <https://core.trac.wordpress.org/ticket/65076#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list