Escaping output for field label

2020-09-29 14:25:56 +02:00 · 2020-09-29 14:25:56 +02:00 · b730298ee6
parent 73deab28a5
commit b730298ee6
1 changed files with 1 additions and 1 deletions
--- a/includes/wc-template-functions.php
+++ b/includes/wc-template-functions.php
@ -2857,7 +2857,7 @@ if ( ! function_exists( 'woocommerce_form_field' ) ) {
 			$field_html = '';

 			if ( $args['label'] && 'checkbox' !== $args['type'] ) {
-				$field_html .= '<label for="' . esc_attr( $label_id ) . '" class="' . esc_attr( implode( ' ', $args['label_class'] ) ) . '">' . $args['label'] . $required . '</label>';
+				$field_html .= '<label for="' . esc_attr( $label_id ) . '" class="' . esc_attr( implode( ' ', $args['label_class'] ) ) . '">' . wp_kses_post( $args['label'] ) . $required . '</label>';
 			}

 			$field_html .= '<span class="woocommerce-input-wrapper">' . $field;