Skip to:
Content

bbPress.org

Opened 21 months ago

Closed 4 weeks ago

#3492 closed defect (bug) (fixed)

"You may use these HTML tags and attributes:" not escaped correctly

Reported by: naxoc's profile naxoc Owned by: johnjamesjacoby's profile johnjamesjacoby
Milestone: 2.6.10 Priority: normal
Severity: normal Version:
Component: General - UI/UX Keywords: has-patch commit
Cc: naxoc

Description

In some places the "You may use these HTML tags and attributes" string is not escaped correctly and ends up escaping the <abbr> tag too.

This fixes that.

Before:

After:

Attachments (3)

3492.patch (1.5 KB) - added by naxoc 21 months ago.
Screen Shot 2022-10-21 at 16.06.33.png (73.4 KB) - added by naxoc 21 months ago.
Before
Screen Shot 2022-10-21 at 16.06.42.png (58.3 KB) - added by naxoc 21 months ago.
After

Download all attachments as: .zip

Change History (6)

@naxoc
21 months ago

#1 @johnjamesjacoby
21 months ago

  • Keywords has-patch commit added
  • Milestone changed from Awaiting Review to 2.6.10
  • Owner set to johnjamesjacoby
  • Status changed from new to assigned

Patch looks perfect! 👍

#2 @naxoc
21 months ago

  • Cc naxoc added

#3 @johnjamesjacoby
4 weeks ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 7260:

Templates: correct escaping on allowed HTML Tags form template parts.

This change introduces a new template-part file: form-allowed-tags.php and uses it inside of the Forum, Topic, and Reply form template-parts.

Additionally, the output is now properly escaped, which prevents unintentional escaping of the <attr> tag inside of the string.

Fixes #3492.

Props naxoc.

In branches/2.6, for 2.6.10.

Note: See TracTickets for help on using tickets.