Please Add Sanitization to Schema Output

  • Resolved wpexplorer

    (@wpexplorer)


    5 years, 5 months ago

    Looks like the schema markup is not sanitized at all. For example the $review_name variable comes from get_the_title() and it’s possible to technically include HTML in the return value which can break the schema output but also you should sanitize the output for security reasons.

    Can you please update the plugin to use wp_strip_all_tags in the schema output to comply with the WordPress guidelines?

    Thanks!

    ps: This is the only file I looked at since I was trying to fix an issue with a customer site, but if there isn’t sanitization here I’m sure maybe other places as well. It would be ideal if you could sanitize all user input that is displayed on the site ??

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Contributor dudo

    (@dudo)

    Hi,
    all field that comes from user input are sanitized indeed (function yasr_general_options_sanitize as example)

    I didn’t know was possible to save html in the title, will release a fix ASAP

    • This reply was modified 5 years, 5 months ago by dudo.
    Plugin Contributor dudo

    (@dudo)

    Fixed with version 1.9.9.

    Thank you for sharing this.

    Thread Starter wpexplorer

    (@wpexplorer)

    Wow, I’m very impressed with how quickly you respond and your willingness to improve your product. Keep up the great work!

    – AJ

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Please Add Sanitization to Schema Output’ is closed to new replies.