Closed hbhalodia closed 1 year ago
innertext
wp_json_encode()
Given this existing code:
button.innerText = '<?php esc_html_e( 'Preview', 'preview-revisions' ); ?>';
It could be that a translation string incorporates an apostrophe, either because the language uses apostrophes:
Which would result in a syntax error here:
button.innerText = 'mua'i va'aiga'; // --------------------^
This issue is done in PR - https://github.com/rtCamp/wordpress-preview-revisions/pull/1
The issue is successfully tested and merged into master.
What?
innertext
the text is not escaped viawp_json_encode()
which can result into malicious injection or can be a syntax error in other languages.Given this existing code:
It could be that a translation string incorporates an apostrophe, either because the language uses apostrophes:
Which would result in a syntax error here: