Add escaping to get_the_password_form()

WebDevStudios · Jun 15, 2021 · 7ae9a73 · 7ae9a73
1 parent 97059e1
commit 7ae9a73
Showing 1 changed file with 21 additions and 2 deletions.
diff --git a/template-parts/content-password-protected.php b/template-parts/content-password-protected.php
@@ -16,8 +16,27 @@
 
 		<div class="entry-content">
 			<?php
-				 // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
-				echo get_the_password_form();
+			echo wp_kses(
+				get_the_password_form(),
+				[
+					'p'     => [],
+					'label' => [
+						'for' => [],
+					],
+					'form'  => [
+						'action' => [],
+						'class'  => [],
+						'method' => [],
+					],
+					'input' => [
+						'id'    => [],
+						'name'  => [],
+						'size'  => [],
+						'type'  => [],
+						'value' => [],
+					],
+				]
+			);
 			?>
 		</div><!-- .entry-content -->