$content escaped – Shortcodes

  • Since $content is included in the return value without any escaping or encoding, the user can include raw HTML:

    [caption]My Caption[/caption]

    Which would produce:

    <span class=”caption”>My Caption</span>

    How come that is not true? The content is coming out escaped.

Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘$content escaped – Shortcodes’ is closed to new replies.