Add escaping to get_the_title
bradp committed Jun 15, 2021
1 parent abb4de7 commit 97059e1
Showing 2 changed files with 3 additions and 3 deletions.
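--- a/comments.php
+++ b/comments.php
@@ -33,7 +33,7 @@
 /* translators: the number of comments */
 esc_html( _nx( '%1$s thought on “%2$s”', '%1$s thoughts on “%2$s”', get_comments_number(), 'comments title', '_s' ) ),
 number_format_i18n( get_comments_number() ), // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- XSS OK.
-'<span>' . get_the_title() . '</span>' // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- XSS OK.
+'<span>' . wp_kses_post( get_the_title() ) . '</span>' // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- XSS OK.
 );
 ?>
 </h3>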
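Review bot: The trailing `// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- XSS OK.` on the new title line is now stale. The value passes through `wp_kses_post()`, which WPCS should accept as an escaping function, and the suppression would hide any later edit that drops the sanitizer. Remove the comment so the line reads `'<span>' . wp_kses_post( get_the_title() ) . '</span>'`. Note that `wp_kses_post()` keeps post-level markup rather than encoding it; if titles are meant to render as plain text in this heading, `esc_html()` is the stricter choice. The enclosing call starts above the hunk.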
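--- a/inc/template-tags.php
+++ b/inc/template-tags.php
@@ -77,7 +77,7 @@ function _s_entry_footer() {
 sprintf(
 /* translators: %s: Name of current post */
 esc_html__( 'Edit %s', '_s' ),
-the_title( '<span class="screen-reader-text">"', '"</span>', false )
+wp_kses_post( get_the_title( '<span class="screen-reader-text">"', '"</span>', false ) )
 ),
 '<span class="edit-link">',
 '</span>'
@@ -255,7 +255,7 @@ function _s_get_the_title( $args = [] ) {
 $args = wp_parse_args( $args, $defaults );
 
 // Trim the title.
-return wp_trim_words( get_the_title( get_the_ID() ), $args['length'], $args['more'] );
+return wp_kses_post( wp_trim_words( get_the_title( get_the_ID() ), $args['length'], $args['more'] ) );
 }
 
 /**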
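Review bot: In the `_s_entry_footer()` hunk, the new call hands `the_title()`'s `$before`, `$after` and `$echo` arguments to `get_the_title()`, whose only parameter is the post (ID or object). The markup string would be taken as a post identifier, so the edit link most likely loses both the post title and its `screen-reader-text` wrapper. Keep the original call and sanitize its return value instead: `wp_kses_post( the_title( '<span class="screen-reader-text">"', '"</span>', false ) )`. `_s_entry_footer()` starts and ends outside the hunk.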
