Block Editor: Coding standards, properly escape class names.

Props: aduth, noisysocks, pento, talldanwp, jorgefilipecosta, whyisjake, ellatrix, ehti. git-svn-id: https://develop.svn.wordpress.org/trunk@47636 602fd350-edb4-49c9-b593-d223f7449a82
2026-04-16 18:44:32 +00:00 · 2020-04-29 15:32:19 +00:00
parent 8e11facb67
commit ec05c8b897
2 changed files with 2 additions and 2 deletions
--- a/src/wp-includes/blocks/rss.php
+++ b/src/wp-includes/blocks/rss.php
@@ -92,7 +92,7 @@ function render_block_core_rss( $attributes ) {
 		$class .= ' ' . $attributes['className'];
 	}

-	return "<ul class='{$class}'>{$list_items}</ul>";
+	return sprintf( "<ul class='%s'>%s</ul>", esc_attr( $class ), $list_items );
 }

 /**
--- a/src/wp-includes/blocks/search.php
+++ b/src/wp-includes/blocks/search.php
@@ -57,7 +57,7 @@ function render_block_core_search( $attributes ) {

 	return sprintf(
 		'<form class="%s" role="search" method="get" action="%s">%s</form>',
-		$class,
+		esc_attr( $class ),
 		esc_url( home_url( '/' ) ),
 		$label_markup . $input_markup . $button_markup
 	);