Categories: Switch escaping function

Escape the label with wp_kses_post() instead of esc_html to allow some HTML tags and to be consistent with escaping other labels in other blocks.
WordPress · Sep 21, 2024 · 904871f · 904871f
1 parent 79d198e
commit 904871f
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/packages/block-library/src/categories/index.php b/packages/block-library/src/categories/index.php
@@ -49,7 +49,7 @@ function render_block_core_categories( $attributes, $content, $block ) {
 
 		$show_label     = empty( $attributes['showLabel'] ) ? ' screen-reader-text' : '';
 		$default_label  = $taxonomy->label;
-		$label_text     = ! empty( $attributes['label'] ) ? esc_html( $attributes['label'] ) : $default_label;
+		$label_text     = ! empty( $attributes['label'] ) ? wp_kses_post( $attributes['label'] ) : $default_label;
 		$wrapper_markup = '<div %1$s><label class="wp-block-categories__label' . $show_label . '" for="' . esc_attr( $id ) . '">' . $label_text . '</label>%2$s</div>';
 		$items_markup   = wp_dropdown_categories( $args );
 		$type           = 'dropdown';