Escape instances of unescapeed output in AMP settings screen code #3703
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
schlessera
requested changes
Nov 9, 2019
| wp_kses( | ||
| sprintf( | ||
| /* translators: %s: Persistent object cache support URL */ | ||
| __( 'The AMP plugin performs at its best when persistent object cache is enabled. <a href="%s">More details</a>', 'amp' ), // phpcs:ignore WordPress.Security.EscapeOutput |
There was a problem hiding this comment.
As we have now added escaping, we don't need the PHPCS exceptions anymore.
Suggested change
| __( 'The AMP plugin performs at its best when persistent object cache is enabled. <a href="%s">More details</a>', 'amp' ), // phpcs:ignore WordPress.Security.EscapeOutput | |
| __( 'The AMP plugin performs at its best when persistent object cache is enabled. <a href="%s">More details</a>', 'amp' ), |
| wp_kses( | ||
| sprintf( | ||
| /* translators: %s: post-processor cache support URL */ | ||
| __( 'The AMP plugin‘s post-processor cache was disabled due to the detection of highly-variable content. <a href="%s">More details</a>', 'amp' ), // phpcs:ignore WordPress.Security.EscapeOutput |
There was a problem hiding this comment.
Suggested change
| __( 'The AMP plugin‘s post-processor cache was disabled due to the detection of highly-variable content. <a href="%s">More details</a>', 'amp' ), // phpcs:ignore WordPress.Security.EscapeOutput | |
| __( 'The AMP plugin‘s post-processor cache was disabled due to the detection of highly-variable content. <a href="%s">More details</a>', 'amp' ), |
| wp_kses( | ||
| sprintf( | ||
| /* translators: %s: path to the conflicting library */ | ||
| __( 'A conflicting version of PHP-CSS-Parser appears to be installed by another plugin or theme (located in %s). Because of this, CSS processing will be limited, and tree shaking will not be available.', 'amp' ), // phpcs:ignore WordPress.Security.EscapeOutput |
There was a problem hiding this comment.
Suggested change
| __( 'A conflicting version of PHP-CSS-Parser appears to be installed by another plugin or theme (located in %s). Because of this, CSS processing will be limited, and tree shaking will not be available.', 'amp' ), // phpcs:ignore WordPress.Security.EscapeOutput | |
| __( 'A conflicting version of PHP-CSS-Parser appears to be installed by another plugin or theme (located in %s). Because of this, CSS processing will be limited, and tree shaking will not be available.', 'amp' ), |
Co-Authored-By: Alain Schlesser <alain.schlesser@gmail.com>
|
All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter. We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the ℹ️ Googlers: Go here for more info. |
googlebot
added
cla: no
|
Hey @schlessera could you also give consent when you have the time, thanks. |
|
@googlebot I consent. |
|
CLAs look good, thanks! ℹ️ Googlers: Go here for more info. |
googlebot
added
cla: yes
schlessera
approved these changes
Nov 9, 2019
westonruter
added a commit
that referenced
this pull request
Nov 11, 2019
…-editor-amp-preview * 'develop' of github.com:ampproject/amp-wp: (30 commits) Fix identifying sources for validation errors coming child themes (#3708) Fix failing E2E tests (#3707) Remove amp_validate query var from Validated URL 'View' row action Re-factor get_html_attribute_pattern as match_element_attributes Quote variables added to regex pattern Escape instances of unescapeed output in AMP settings screen code (#3703) Replace incorrect usage of esc_url() with esc_url_raw() Remove empty alt attributes Add object-fit=contain to amp-youtube placeholder image Prevent copying empty title/alt in WP<5.2 Extract HTML attribute parsing logic into base class, and use for YouTube embeds Update doc comment for `get_video_id_from_url` Merge separate regexes used to retrieve props into one Replace ambiguous `$fallback` with `$fallback_for_expected` Refactor `get_video_id_from_url` function Replace the fallback with an image placeholder for the iframe Remove todo HTML entity encoding will be handled by the DOM instead Bump `oembed` function deprecation version to 1.5.0 Bump develop to v1.5.0-alpha ...
westonruter
added a commit
that referenced
this pull request
Nov 11, 2019
…ry-shortcode-captions * 'develop' of github.com:ampproject/amp-wp: (61 commits) Improve specificity of JS doc Fix identifying sources for validation errors coming child themes (#3708) Fix failing E2E tests (#3707) Remove amp_validate query var from Validated URL 'View' row action Re-factor get_html_attribute_pattern as match_element_attributes Quote variables added to regex pattern Escape instances of unescapeed output in AMP settings screen code (#3703) Replace incorrect usage of esc_url() with esc_url_raw() Remove empty alt attributes Add object-fit=contain to amp-youtube placeholder image Prevent copying empty title/alt in WP<5.2 Extract HTML attribute parsing logic into base class, and use for YouTube embeds Update doc comment for `get_video_id_from_url` Merge separate regexes used to retrieve props into one Replace ambiguous `$fallback` with `$fallback_for_expected` Refactor `get_video_id_from_url` function Replace the fallback with an image placeholder for the iframe Remove todo HTML entity encoding will be handled by the DOM instead Bump `oembed` function deprecation version to 1.5.0 ...
westonruter
added a commit
that referenced
this pull request
Nov 14, 2019
* tag '1.4.1': (26 commits) Bump 1.4.1 Update screenshots for 1.4.1 Fix expected image name after upstream change (#3749) Use length property instead of count() method on DOMNodeList (#3727) Improve display of validation errors for scripts (#3722) Conditionally run E2E tests (#3723) Tidy up validation error details (#3721) Bump 1.4.1-RC1 Default to the homepage instead of fetching the first AMP compatible post to customize (#3715) Add missing space after sentence (#3720) Include text content of style element in validation error (#3717) Use bitwise operator. Check if element is not in top toolbar. Fix user select for meta date and author Allow right click for meta blocks Fix summarizing error sources both parent theme and child theme (#3709) Fix identifying sources for validation errors coming child themes (#3708) Fix failing E2E tests (#3707) Remove amp_validate query var from Validated URL 'View' row action (#3706) Escape instances of unescapeed output in AMP settings screen code (#3703) ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #3217.
Checklist