Support » Plugin: Yasr - Yet Another Stars Rating » Please Add Sanitization to Schema Output

  • Resolved WPExplorer

    (@wpexplorer)


    Looks like the schema markup is not sanitized at all. For example the $review_name variable comes from get_the_title() and it’s possible to technically include HTML in the return value which can break the schema output but also you should sanitize the output for security reasons.

    Can you please update the plugin to use wp_strip_all_tags in the schema output to comply with the WordPress guidelines?

    Thanks!

    ps: This is the only file I looked at since I was trying to fix an issue with a customer site, but if there isn’t sanitization here I’m sure there may be other places as well. It would be ideal if you could sanitize all user input that is displayed on the site 😉
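    For readers who want to see the failure mode and the fix side by side, here is an added illustration (not Yasr's own code and not a reproduction of its schema file): a hand-built JSON-LD block that drops get_the_title() in raw, beside a version that strips tags and lets the encoder quote. It assumes it runs inside WordPress, where get_the_title(), wp_strip_all_tags(), wp_json_encode() and esc_html() are core functions; the function names and the rating/count parameters are invented for the example.

```php
<?php
// Added example (not Yasr's code): why a raw get_the_title() value breaks
// JSON-LD schema output, and how wp_strip_all_tags() + wp_json_encode()
// harden it. Assumes the WordPress core functions used below are loaded.

// Illustrative "before": the title is concatenated straight into hand-built
// JSON. A title such as  Best <b>Blender</b> "2024"  yields invalid JSON,
// and a title containing </script> can terminate the script element and
// inject markup into the page.
function example_schema_unsafe( $rating, $count ) {
    $review_name = get_the_title();
    return '<script type="application/ld+json">{"@context":"https://schema.org",'
        . '"@type":"Product","name":"' . $review_name . '",'
        . '"aggregateRating":{"@type":"AggregateRating","ratingValue":"' . $rating
        . '","ratingCount":"' . $count . '"}}</script>';
}

// Hardened version: strip tags from any string that originated as user
// input, cast the numeric fields, and let the JSON encoder do the quoting.
function example_schema_safe( $rating, $count ) {
    // Second argument true also removes line breaks left behind by tags.
    $review_name = wp_strip_all_tags( get_the_title(), true );

    $schema = array(
        '@context'        => 'https://schema.org',
        '@type'           => 'Product',
        'name'            => $review_name,
        'aggregateRating' => array(
            '@type'       => 'AggregateRating',
            'ratingValue' => round( (float) $rating, 1 ),
            'ratingCount' => (int) $count,
        ),
    );

    // JSON_HEX_TAG encodes < and > as \u003C / \u003E, so even a string value
    // containing "</script>" cannot close the script element.
    $json = wp_json_encode( $schema, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES );

    return '<script type="application/ld+json">' . $json . '</script>';
}

// The same rule applies wherever the title is printed as HTML rather than
// JSON: escape at output, e.g.  echo esc_html( get_the_title() );
```

    Stripping tags fixes the "HTML in the title breaks the schema" case; the JSON flags cover the remaining case where a string value still contains characters that matter inside a <script> element.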

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author dudo

    (@dudo)

    Hi,
    all fields that come from user input are sanitized indeed (function yasr_general_options_sanitize as an example)

    I didn’t know it was possible to save HTML in the title, will release a fix ASAP

    Plugin Author dudo

    (@dudo)

    Fixed with version 1.9.9.

    Thank you for sharing this.

    Wow, I’m very impressed with how quickly you respond and your willingness to improve your product. Keep up the great work!

    – AJ
