Merge pull request #119 from studiopress/add/escape-pattern-previews

Escape pattern preview content
studiopress · Mar 16, 2023 · bb047b5 · bb047b5
2 parents 9f2bb9e + bed77a2
commit bb047b5
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/wp-modules/editor/editor.php b/wp-modules/editor/editor.php
@@ -193,6 +193,7 @@ function disable_autosave() {
  * Receive pattern id in the URL and display its content. Useful for pattern previews and thumbnails.
  */
 function display_block_pattern_preview() {
+	// Nonce not required as the user is not taking any action here.
 	if ( ! isset( $_GET['pm_pattern_preview'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 		return;
 	}
@@ -205,7 +206,7 @@ function display_block_pattern_preview() {
 
 	wp_head();
 
-	echo $the_content; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+	echo wp_kses_post( $the_content );
 
 	wp_footer();