Seriously-Simple-Podcasting icon indicating copy to clipboard operation
Seriously-Simple-Podcasting copied to clipboard
verified publisher icon CastosHQ

title and permalink aren't being properly escaped

Open cmcnulty opened this issue 5 years ago • 3 comments

Describe the bug because the_title_rss() and the_permalink_rss() already echo rather than returning, wrapping the return value in an escape function doesn't actually do anything. Luckily the the_permalink_rss already escapes it's results, so nothing to worry about there - but the title doesn't, so we should probably call get_the_title_rss() instead of the_title_rss

To Reproduce Steps to reproduce the behavior:

  1. put characters in title that should be escaped
  2. go to raw podcast feed
  3. observe non-escaped characters

cmcnulty avatar Apr 24 '20 05:04 cmcnulty

@cmcnulty can you provide me with a few characters you have tested this with. Currently my test with single and double quotes, and the ampersand doesn't need to escape any characters, but it does convert the quotes and the ampersand to html characters.

I do agree that the_title_rss and the_permalink_rss echo rather than return, so I just want to replicate the problem you were having, to make sure things area fixed correctly via the PR.

jonathanbossenger avatar May 12 '20 10:05 jonathanbossenger

@cmcnulty just bumping this, thanks

jonathanbossenger avatar May 18 '20 12:05 jonathanbossenger

Will attempt to reproduce todayOn May 18, 2020 7:15 AM, Jonathan Bossenger [email protected] wrote: @cmcnulty just bumping this, thanks

—You are receiving this because you were mentioned.Reply to this email directly, view it on GitHub, or unsubscribe.

cmcnulty avatar May 19 '20 13:05 cmcnulty