Skip to content

Commit 2ca28e4

Browse files
audrasjbaudrasjb
committed
Customize: Escape blogname option in underscores templates.
Props xknown, martinkrcho. git-svn-id: https://develop.svn.wordpress.org/trunk@54526 602fd350-edb4-49c9-b593-d223f7449a82
1 parent a4f9ca1 commit 2ca28e4

File tree

3 files changed

+5
-5
lines changed

3 files changed

+5
-5
lines changed

src/wp-includes/customize/class-wp-customize-header-image-control.php

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -131,10 +131,10 @@ public function print_header_image_template() {
131131
<# } else { #>
132132

133133
<button type="button" class="choice thumbnail"
134-
data-customize-image-value="{{{data.header.url}}}"
134+
data-customize-image-value="{{data.header.url}}"
135135
data-customize-header-image-data="{{JSON.stringify(data.header)}}">
136136
<span class="screen-reader-text"><?php _e( 'Set image' ); ?></span>
137-
<img src="{{{data.header.thumbnail_url}}}" alt="{{{data.header.alt_text || data.header.description}}}" />
137+
<img src="{{data.header.thumbnail_url}}" alt="{{data.header.alt_text || data.header.description}}" />
138138
</button>
139139

140140
<# if ( data.type === 'uploaded' ) { #>
@@ -159,7 +159,7 @@ public function print_header_image_template() {
159159

160160
<# } else { #>
161161

162-
<img src="{{{data.header.thumbnail_url}}}" alt="{{{data.header.alt_text || data.header.description}}}" />
162+
<img src="{{data.header.thumbnail_url}}" alt="{{data.header.alt_text || data.header.description}}" />
163163

164164
<# } #>
165165
<# } else { #>

src/wp-includes/customize/class-wp-customize-site-icon-control.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -68,7 +68,7 @@ public function content_template() {
6868
<div class="favicon">
6969
<img src="{{ data.attachment.sizes.full ? data.attachment.sizes.full.url : data.attachment.url }}" alt="<?php esc_attr_e( 'Preview as a browser icon' ); ?>" />
7070
</div>
71-
<span class="browser-title" aria-hidden="true"><# print( '<?php bloginfo( 'name' ); ?>' ) #></span>
71+
<span class="browser-title" aria-hidden="true"><# print( '<?php echo esc_js( get_bloginfo( 'name' ) ); ?>' ) #></span>
7272
</div>
7373
<img class="app-icon-preview" src="{{ data.attachment.sizes.full ? data.attachment.sizes.full.url : data.attachment.url }}" alt="<?php esc_attr_e( 'Preview as an app icon' ); ?>" />
7474
</div>

src/wp-includes/media-template.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1497,7 +1497,7 @@ function wp_print_media_templates() {
14971497
<div class="favicon">
14981498
<img id="preview-favicon" src="{{ data.url }}" alt="<?php esc_attr_e( 'Preview as a browser icon' ); ?>" />
14991499
</div>
1500-
<span class="browser-title" aria-hidden="true"><# print( '<?php bloginfo( 'name' ); ?>' ) #></span>
1500+
<span class="browser-title" aria-hidden="true"><# print( '<?php echo esc_js( get_bloginfo( 'name' ) ); ?>' ) #></span>
15011501
</div>
15021502

15031503
<strong aria-hidden="true"><?php _e( 'As an app icon' ); ?></strong>

0 commit comments

Comments
 (0)