Escape "Queried Object" HTML in the WP Query Panel
-
In the WP Query panel, under the heading Queried Object, the HTML output is not escaped via
esc_html()like Query Arguments and Query SQL output are.I’ve tested adding
$value = esc_html( $value );between line 101 and 102 in the plugin and this worked for me. Sinceesc_html()is used for the other two sections mentioned, I believe this should be applied here as well.
- The topic ‘Escape "Queried Object" HTML in the WP Query Panel’ is closed to new replies.
