• Resolved profmikebroyles

    (@profmikebroyles)


    My static code analysis security scanning tool flagged this block of code:

    */
    public function output_structured_data() {
        if ( $this->structured_data ) {
            echo '<script type="application/ld+json">' . _wp_specialchars(

    From /breadcrumb-block/includes/breadcrumbs.php

    The error is:

    Error( severity 5 ): All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '_wp_specialchars' (WordPress.Security.EscapeOutput.OutputNotEscaped).

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Phi Phan

    (@mr2p)

    Hi @profmikebroyles,

    Thank you for pointing that out. I will do the fix in the next version. However, it is not a significant security hole; you can safely continue to use the block in the current version.

    Phi.

    Plugin Author Phi Phan

    (@mr2p)

    Hi @profmikebroyles,

    This error message is more like a coding convention warning rather than a security error. I have added comment text to the code to clear this message in the latest version. Thank you again for your feedback.

    Phi.

  • The topic ‘Security Suggestion’ is closed to new replies.
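
For readers who reach this thread from the same scanner warning: the sketch below is an added example, not the plugin's code and not part of any post above. It shows one way to make JSON-LD safe to echo inside a script element by escaping at JSON-encoding time. The function names and sample breadcrumb are hypothetical; it uses plain PHP `json_encode()` so it runs outside WordPress, and `wp_json_encode()` accepts the same flags.

```php
<?php
// Added example, not the plugin's code; names and sample data are hypothetical.

/**
 * Encode structured data for a <script type="application/ld+json"> element.
 * JSON_HEX_TAG and JSON_HEX_AMP emit <, > and & as \u003C, \u003E and \u0026,
 * so the payload cannot contain "</script>" yet still decodes to the same values.
 */
function example_json_ld_script( array $data ): string {
    $json = json_encode( $data, JSON_HEX_TAG | JSON_HEX_AMP | JSON_THROW_ON_ERROR );
    return '<script type="application/ld+json">' . $json . '</script>';
}

/** Comparison only: no tag escaping, slashes left as-is. */
function example_json_ld_script_unescaped( array $data ): string {
    $json = json_encode( $data, JSON_UNESCAPED_SLASHES | JSON_THROW_ON_ERROR );
    return '<script type="application/ld+json">' . $json . '</script>';
}

// Constructed sample: a breadcrumb whose title contains markup characters.
$breadcrumbs = [
    '@context'        => 'https://schema.org',
    '@type'           => 'BreadcrumbList',
    'itemListElement' => [
        [
            '@type'    => 'ListItem',
            'position' => 1,
            'name'     => 'Tips </script><b>& tricks</b>',
            'item'     => 'https://example.com/tips/',
        ],
    ],
];

$safe   = example_json_ld_script( $breadcrumbs );
$unsafe = example_json_ld_script_unescaped( $breadcrumbs );

// The escaped output should contain only the wrapper's own closing tag.
printf( "escaped:   %d closing tag(s)\n", substr_count( $safe, '</script>' ) );
printf( "unescaped: %d closing tag(s)\n", substr_count( $unsafe, '</script>' ) );

// Round trip: the escaped JSON still decodes to the original data.
$prefix  = '<script type="application/ld+json">';
$payload = substr( $safe, strlen( $prefix ), -strlen( '</script>' ) );
var_dump( json_decode( $payload, true ) === $breadcrumbs );
```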