Escaping the output of the field id and names with esc_attr(); #154

Closed
wants to merge 3 commits into
from

Conversation

Projects
None yet
2 participants

Prevents quotation marks from breaking the the text fields. Also provides an additional security layer.

Jared Atchison and others added some commits Apr 16, 2012

Jared Atchison Merge pull request #134 from jtsternberg/master
Please consider adding the 'std' ability to the select type.
40fbb59
@c3mdigital c3mdigital Escaping the output of the field id and names with esc_attr(); to pre…
…vent quotation marks from breaking fields. Also adds additional security.
d5ce802
@c3mdigital c3mdigital Added inline doc 4b73bf5
Owner

c3mdigital commented on init.php in d5ce802 Jun 6, 2012

Conditional check to make sure we are not on a file type field.

Owner

c3mdigital commented on init.php in d5ce802 Jun 6, 2012

Pre escapes all the fields on output.

Collaborator

jtsternberg commented Nov 29, 2013

If this is still an issue post-1.0.0, feel free to submit another PR against the trunk branch.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment