diff --git a/packages/block-library/src/latest-comments/index.php b/packages/block-library/src/latest-comments/index.php
index 3e649bbf5f7492..1b340f39fe70f0 100644
--- a/packages/block-library/src/latest-comments/index.php
+++ b/packages/block-library/src/latest-comments/index.php
@@ -30,7 +30,7 @@ function wp_latest_comments_draft_or_post_title( $post = 0 ) {
 if ( empty( $title ) ) {
 $title = __( '(no title)' );
 }
- return esc_html( $title );
+ return $title;
 }
 /**
@@ -86,14 +86,14 @@ function render_block_core_latest_comments( $attributes = array() ) {
 $author_markup = '';
 if ( $author_url ) {
- $author_markup .= '' . get_comment_author( $comment ) . '';
+ $author_markup .= '' . esc_html( get_comment_author( $comment ) ) . '';
 } else {
- $author_markup .= '' . get_comment_author( $comment ) . '';
+ $author_markup .= '' . esc_html( get_comment_author( $comment ) ) . '';
 }
 // `_draft_or_post_title` calls `esc_html()` so we don't need to wrap that call in
 // `esc_html`.
- $post_title = '' . wp_latest_comments_draft_or_post_title( $comment->comment_post_ID ) . '';
+ $post_title = '' . esc_html( wp_latest_comments_draft_or_post_title( $comment->comment_post_ID ) ) . '';
 $list_items_markup .= sprintf(
 /* translators: 1: author name (inside or tag, based on if they have a URL), 2: post title related to this comment */
@@ -106,7 +106,7 @@ function render_block_core_latest_comments( $attributes = array() ) {
 $list_items_markup .= sprintf(
 '',
 esc_attr( get_comment_date( 'c', $comment ) ),
- date_i18n( get_option( 'date_format' ), get_comment_date( 'U', $comment ) )
+ esc_html( date_i18n( get_option( 'date_format' ), get_comment_date( 'U', $comment ) ) )
 );
 }
 $list_items_markup .= '';
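Review bot: With `esc_html()` removed from the return in `wp_latest_comments_draft_or_post_title()`, the function now hands back a raw title, and nothing in this hunk tells callers so. The one caller visible in this diff, `render_block_core_latest_comments()`, escapes the value itself, but any caller outside this diff that relied on the old escaped return would now print the title unescaped. The docblock and the start of the function body sit above the hunk, so its current wording is not visible here. It should state the new contract, for example `@return string The post title, not escaped; callers must escape it for their output context.`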
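Review bot: The context comment above the `$post_title` assignment in `render_block_core_latest_comments()` still says that `_draft_or_post_title` calls `esc_html()` and that the call needs no wrapping. Both statements are now false: the helper no longer escapes, and the new line does wrap the call in `esc_html()`. A stale note like this invites a later cleanup that drops the `esc_html()` as redundant and reintroduces unescaped output. Replace it with something like `// wp_latest_comments_draft_or_post_title() returns an unescaped title, so escape it here.` The function body starts and ends outside the hunk.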