Support » Plugin: GDPR Cookie Consent Banner » Escaping improvements

  • Having a quick look at the code, it’s missing a bunch of output escaping. For example, take the cooke_version_render() function:

    value="<?php echo $options['cookie_version']; ?>">

    That value isn’t being escaped. It should be wrapped in esc_attr, like so:

    value="<?php echo esc_attr( $options['cookie_version'] ); ?>">

    I’d suggest spending a couple of hours auditing the plugin everywhere you output values, and verify that everything’s escaped.

  • The topic ‘Escaping improvements’ is closed to new replies.