Theme Customizer: Properly escape customize settings when sending values to JS. Add WP_Customize_Setting->js_value(). fixes #20687, see #19910.

git-svn-id: http://core.svn.wordpress.org/trunk@20809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
koopersmith 2012-05-16 20:59:02 +00:00
parent b212ead08c
commit 507f3b2d0c
3 changed files with 18 additions and 2 deletions

View File

@ -230,6 +230,22 @@ class WP_Customize_Setting {
return $this->multidimensional_get( $values, $this->id_data[ 'keys' ], $this->default );
}
/**
* Escape the parameter's value for use in JavaScript.
*
* @since 3.4.0
*
* @return mixed The requested escaped value.
*/
public function js_value() {
$value = $this->value();
if ( is_string( $value ) )
return html_entity_decode( $value, ENT_QUOTES, 'UTF-8');
return $value;
}
/**
* Check if the theme supports the setting and check user capabilities.
*

View File

@ -213,7 +213,7 @@ final class WP_Customize {
);
foreach ( $this->settings as $id => $setting ) {
$settings['values'][ $id ] = $setting->value();
$settings['values'][ $id ] = $setting->js_value();
}
?>

View File

@ -108,7 +108,7 @@ do_action( 'customize_controls_print_scripts' );
foreach ( $this->settings as $id => $setting ) {
$settings['settings'][ $id ] = array(
'value' => $setting->value(),
'value' => $setting->js_value(),
'transport' => $setting->transport,
);
}