+ // Sanitize fields
+ $allowed_tags = $allowed_tags_in_links = array(
+ 'abbr' => array( 'title' => true ),
+ 'acronym' => array( 'title' => true ),
+ 'code' => true,
+ 'em' => true,
+ 'strong' => true,
+ );
+ $allowed_tags['a'] = array( 'href' => true, 'title' => true );
+
+ // Name is marked up inside <a> tags. Don't allow these.
+ // Author is too, but some plugins have used <a> here (omitting Author URI).
+ $plugin_data['Name'] = wp_kses( $plugin_data['Name'], $allowed_tags_in_links );
+ $plugin_data['Author'] = wp_kses( $plugin_data['Author'], $allowed_tags );
+
+ $plugin_data['Description'] = wp_kses( $plugin_data['Description'], $allowed_tags );
+ $plugin_data['Version'] = wp_kses( $plugin_data['Version'], $allowed_tags );
+
+ $plugin_data['PluginURI'] = esc_url( $plugin_data['PluginURI'] );
+ $plugin_data['AuthorURI'] = esc_url( $plugin_data['AuthorURI'] );
+
+ $plugin_data['Title'] = $plugin_data['Name'];
+ $plugin_data['AuthorName'] = $plugin_data['Author'];
+
+ // Apply markup