[Plugin: Events Manager] #_LINKEDNAME placeholder can generate invalid HTML – needs to escape title

  • Ross Wintle

    (@magicroundabout)


    13 years, 1 month ago

    Hi Marcus,

    Wow – this forum keeps you busy. Definitely one of the best-supported plugins.

    Just drawing your attention to a tiny bug.

    Using the #_LINKEDNAME placeholder seems to generate code like:

    <a href='https://my.website/events/event/' title='Don't use apostrophe's here!'>Don't use apostrophe's here</a>

    Hopefully you’ll see what I’m getting at. Attributes should be escaped using esc_attr()

    I think you fixed this recently for #_EVENTIMAGE, could you do the same for #_LINKEDNAME please?

    Perhaps you need to review where you’re creating markup and ensure that you’re always escaping attributes – a good habit which I’ve yet to develop myself!

    Ross

    https://www.ads-software.com/extend/plugins/events-manager/

Viewing 1 replies (of 1 total)
  • Plugin Author Marcus (aka @msykes)

    (@netweblogic)

    Hi Ross, thanks for the kind words. A habit I’ve taken only recently too ?? but looking at the code the latest version should already have that implemented?

Viewing 1 replies (of 1 total)
  • The topic ‘[Plugin: Events Manager] #_LINKEDNAME placeholder can generate invalid HTML – needs to escape title’ is closed to new replies.