Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Revert "escaping and sanitization fixes" #358

Merged
merged 2 commits into from Jul 13, 2016

Conversation

Projects
None yet
2 participants
@diegoquinteiro
Copy link
Collaborator

commented Jul 13, 2016

This reverts commit 232b2c9.

The escaping here is breaking the UI, as the variables being escaped here DO contain HTML, although it is not user-generated HTML, but hardcoded HTML configured on the descriptions provided for each field.

instant_articles_settings_ diego_quinteiro _wordpress

@diegoquinteiro

This comment has been minimized.

Copy link
Collaborator Author

commented Jul 13, 2016

@philipjohn can we get this out? =)

@philipjohn

This comment has been minimized.

Copy link
Member

commented Jul 13, 2016

I've restored escaping, but using wp_kses_post() which will allow the limited HTML we want, and I've also restored the changes in wpcom-helper.php that are still valid.

@philipjohn philipjohn merged commit f6d0bde into master Jul 13, 2016

@philipjohn philipjohn deleted the revert_descriptions_encoding branch Jul 13, 2016

@philipjohn philipjohn referenced this pull request Jul 13, 2016

Merged

Release 3.0.1 #359

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.