Closed tomjn closed 8 years ago
These locations are missing escaping:

Some places with questionable security:

Some places could do with outputting rather than returning markup so that they can be escaped at output rather than early escaped; `do_row` is a prime offender: https://github.com/stuttter/wp-spider-cache/blob/master/wp-spider-cache.php#L863

Otherwise the code looks good, `sprintf` used correctly for translations, and translations escaped effectively, very nice
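As an added illustration of the late-escaping point made above (this is not code from wp-spider-cache: `early_row`, `late_row` and the sample key are hypothetical, and the `esc_html`/`esc_attr` shims only stand in for WordPress's own functions so the snippet runs stand-alone):

```php
<?php
// Added illustration for this review comment; not code from wp-spider-cache.
// Shims so the snippet runs outside WordPress; inside a plugin the real
// esc_html()/esc_attr() are already defined and these blocks are skipped.
if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) { return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' ); }
}
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) { return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' ); }
}

// Early escaping (the pattern the review objects to): the helper builds and
// RETURNS markup. The caller cannot tell which parts were escaped without
// reading this function, and cannot escape the returned string again without
// double-encoding, so every return path must be traced to audit it. Here the
// key was simply missed. Hypothetical shape, not the plugin's do_row().
function early_row( $key, $value ) {
    return '<tr><td>' . $key . '</td><td>' . esc_html( $value ) . '</td></tr>';
}

// Late escaping (what the review asks for): the helper OUTPUTS, and each
// variable is wrapped by the escaping call on the very line where it reaches
// the page, so a reviewer can verify escaping by reading the output line alone.
function late_row( $key, $value ) {
    ?>
    <tr id="<?php echo esc_attr( $key ); ?>">
        <td><?php echo esc_html( $key ); ?></td>
        <td><?php echo esc_html( $value ); ?></td>
    </tr>
    <?php
}

// Constructed sample input: a cache key that happens to contain markup.
$key   = '<i>some-key</i>';
$value = 'hit';
echo early_row( $key, $value ), "\n"; // the <i> tag reaches the page unescaped
late_row( $key, $value );              // attribute and both cells are escaped
```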