wp-graphql / wpgraphql-ide

A next-gen query editor for WPGraphQL 🚀
GNU General Public License v3.0

Escape `$custom_css` in `wpgraphql-ide.php:561` #205

Closed josephfusco closed 1 month ago

josephfusco commented 1 month ago

Acceptance Criteria:

  1. Escape the `$custom_css` variable using the appropriate `esc_*()` function before it is echoed in `wpgraphql-ide.php` line 561.
  2. Ensure escaping occurs at the point of output (i.e., 'escaping late').

Referenced Email Section:

Example from your plugin:

`wpgraphql-ide.php:561 wp_add_inline_style( 'wpgraphql-ide-admin-notices', $custom_css );`

↳ Remember to ALWAYS escape as LATE as possible as with a PROPER function for the context.

josephfusco commented 1 month ago

Closed by https://github.com/wp-graphql/wpgraphql-ide/releases/tag/v4.0.1
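
One way to meet both acceptance criteria in the issue above, shown as an added example and not the plugin's code or the change shipped in v4.0.1. WordPress has no `esc_css()`, so this example assumes `wp_strip_all_tags()` as the function for a `<style>` context, which is what core applies when it prints Customizer CSS. The function name and the CSS contents are hypothetical.

```php
<?php
/**
 * Added example: late escaping for inline CSS (not the plugin's actual code).
 * The function name and the CSS below are hypothetical.
 */
function wpgraphql_ide_example_admin_notice_styles() {
	$handle = 'wpgraphql-ide-admin-notices'; // Handle taken from the issue.

	// Register an inline-only stylesheet (no source file) so the inline CSS
	// has a handle to attach to, then enqueue it.
	wp_register_style( $handle, false, array(), null );
	wp_enqueue_style( $handle );

	// Constructed CSS. In a real plugin this may be assembled from options
	// or filters, which is why it is treated as untrusted at output time.
	$custom_css = '
		.wrap > .notice.wpgraphql-ide-notice {
			border-left-color: #0ecad4;
		}
	';

	// Escape late: in the same call that hands the value to the output API,
	// not where the string is built.
	//
	// esc_html() is the wrong function for a <style> context: it would turn
	// the child combinator ">" into "&gt;" and break the selector above.
	// wp_strip_all_tags() removes markup such as "</style>" or "<script>",
	// so the value cannot close the style element early, while selectors
	// such as ".wrap > .notice" pass through unchanged.
	wp_add_inline_style( $handle, wp_strip_all_tags( $custom_css ) );
}
add_action( 'admin_enqueue_scripts', 'wpgraphql_ide_example_admin_notice_styles' );
```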