author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-07-01 18:08:43 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-07-01 18:08:43 +0000 |
commit | 84f037a1298431a8feaff283dd7006958c0181f0 (patch) | |
tree | 4cc8a21b9865dc6c421f86ade88fd1a9a325f3be /wp-includes/html-api | |
parent | Releasing progress-linux version 6.5.3+dfsg1-1~progress7.99u1. (diff) | |
Merging upstream version 6.5.5+dfsg1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'wp-includes/html-api')
-rw-r--r-- | wp-includes/html-api/class-wp-html-tag-processor.php | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/wp-includes/html-api/class-wp-html-tag-processor.php b/wp-includes/html-api/class-wp-html-tag-processor.php
index c540ea9..bf7e026 100644
--- a/wp-includes/html-api/class-wp-html-tag-processor.php
+++ b/wp-includes/html-api/class-wp-html-tag-processor.php
@@ -2968,7 +2968,14 @@ class WP_HTML_Tag_Processor {
 if ( true === $value ) {
 $updated_attribute = $name;
 } else {
- $escaped_new_value = esc_attr( $value );
+ $comparable_name = strtolower( $name );
+
+ /*
+ * Escape URL attributes.
+ *
+ * @see https://html.spec.whatwg.org/#attributes-3
+ */
+ $escaped_new_value = in_array( $comparable_name, wp_kses_uri_attributes() ) ? esc_url( $value ) : esc_attr( $value );
 $updated_attribute = "{$name}=\"{$escaped_new_value}\"";
 } |
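Review bot: The `in_array()` call on the new `$escaped_new_value` line compares loosely; passing the strict flag keeps the URL-attribute lookup an exact string match, as in `in_array( $comparable_name, wp_kses_uri_attributes(), true )`. The new branch also changes what callers get for URL attributes, because `esc_url()` can rewrite the value or return an empty string for a scheme it does not allow, so the attribute would be written with an empty value rather than rejected. A docblock line such as `URL attributes are passed through esc_url(); a value with a disallowed scheme is stored as an empty string.` would make that contract visible to plugin authors. The enclosing method starts and ends outside this hunk, so whether it already documents or reports that case cannot be seen here.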