Skip to content

Commit ec05c8b

Browse files
whyisjakewhyisjake
committed
Block Editor: Coding standards, properly escape class names.
Props: aduth, noisysocks, pento, talldanwp, jorgefilipecosta, whyisjake, ellatrix, ehti. git-svn-id: https://develop.svn.wordpress.org/trunk@47636 602fd350-edb4-49c9-b593-d223f7449a82
1 parent 8e11fac commit ec05c8b

2 files changed

Lines changed: 2 additions & 2 deletions

File tree

src/wp-includes/blocks/rss.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -92,7 +92,7 @@ function render_block_core_rss( $attributes ) {
9292
$class .= ' ' . $attributes['className'];
9393
}
9494

95-
return "<ul class='{$class}'>{$list_items}</ul>";
95+
return sprintf( "<ul class='%s'>%s</ul>", esc_attr( $class ), $list_items );
9696
}
9797

9898
/**

src/wp-includes/blocks/search.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -57,7 +57,7 @@ function render_block_core_search( $attributes ) {
5757

5858
return sprintf(
5959
'<form class="%s" role="search" method="get" action="%s">%s</form>',
60-
$class,
60+
esc_attr( $class ),
6161
esc_url( home_url( '/' ) ),
6262
$label_markup . $input_markup . $button_markup
6363
);

0 commit comments

Comments
 (0)