Skip to content

Commit 869ccec

Browse files
girishpanchal30girishpanchal30
committed
fix(nmform): escape input label properly
1 parent 96fb94f commit 869ccec

File tree

1 file changed

+3
-3
lines changed

1 file changed

+3
-3
lines changed

inc/nmInput.class.php

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -155,7 +155,7 @@ public function Regular( $args, $default_value = '' ) {
155155
$html = '<div class="' . $input_wrapper_class . '">';
156156
if ( $label ) {
157157
$html .= '<label class="' . $this->get_default_setting_value( 'global', 'label_class', $id ) . '" for="' . $id . '">';
158-
$html .= esc_html( $label ) . '</label>';
158+
$html .= wp_kses( $label, array( 'span' => array( 'class' => true, 'data-*' => true, 'title' => true ) ) ) . '</label>';
159159
}
160160

161161
if ( $price !== '' ) {
@@ -235,7 +235,7 @@ public function Measure( $args, $default_value = '' ) {
235235
$html = '<div class="' . esc_attr( $input_wrapper_class ) . '">';
236236
if ( $label ) {
237237
$html .= '<label class="' . $this->get_default_setting_value( 'global', 'label_class', $id ) . '" for="' . $id . '">';
238-
$html .= esc_html( $label ) . '</label>';
238+
$html .= wp_kses( $label, array( 'span' => array( 'class' => true, 'data-*' => true, 'title' => true ) ) ) . '</label>';
239239
}
240240

241241
$classes .= ' ppom-measure-input';
@@ -1596,7 +1596,7 @@ public function Custom( $args, $default_value = '' ) {
15961596
$html = '<div class="' . $input_wrapper_class . '">';
15971597
if ( $label ) {
15981598
$html .= '<label class="' . $this->get_default_setting_value( 'global', 'label_class', $id ) . '" for="' . $id . '">';
1599-
$html .= esc_html( $label ) . '</label>';
1599+
$html .= wp_kses( $label, array( 'span' => array( 'class' => true, 'data-*' => true, 'title' => true ) ) ) . '</label>';
16001600
}
16011601

16021602
$html .= apply_filters( 'nmform_custom_input', $html, $args, $default_value );

0 commit comments

Comments
 (0)