escape attributes in default form content using esc_attr instead of e…

…sc_html
ibericode · Sep 16, 2024 · 3df4be9 · 3df4be9
1 parent 5709b12
commit 3df4be9
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/config/default-form-content.php b/config/default-form-content.php
@@ -1,11 +1,11 @@
 <?php
 
 $email_label       = esc_html__('Email address', 'mailchimp-for-wp');
-$email_placeholder = esc_html__('Your email address', 'mailchimp-for-wp');
-$signup_button     = esc_html__('Sign up', 'mailchimp-for-wp');
+$email_placeholder_attr = esc_attr__('Your email address', 'mailchimp-for-wp');
+$signup_button_value     = esc_attr__('Sign up', 'mailchimp-for-wp');
 
 $content  = "<p>\n\t<label>{$email_label}: \n";
-$content .= "\t\t<input type=\"email\" name=\"EMAIL\" placeholder=\"{$email_placeholder}\" required />\n</label>\n</p>\n\n";
-$content .= "<p>\n\t<input type=\"submit\" value=\"{$signup_button}\" />\n</p>";
+$content .= "\t\t<input type=\"email\" name=\"EMAIL\" placeholder=\"{$email_placeholder_attr}\" required />\n</label>\n</p>\n\n";
+$content .= "<p>\n\t<input type=\"submit\" value=\"{$signup_button_value}\" />\n</p>";
 
 return $content;