[wp-trac] [WordPress Trac] #46188: esc_html does not have support for multiline output. esc_br_html or line-breaking parameter for esc_html is missing

WordPress Trac noreply at wordpress.org
Tue Feb 5 13:02:02 UTC 2019 

#46188: esc_html does not have support for multiline output. esc_br_html or line-
breaking parameter for esc_html is missing
-------------------------+------------------------------
 Reporter:  KestutisIT   |       Owner:  (none)
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Formatting   |     Version:  5.0.3
 Severity:  normal       |  Resolution:
 Keywords:  needs-patch  |     Focuses:  template
-------------------------+------------------------------

Comment (by KestutisIT):

 Replying to [comment:1 swissspidy]:
 > What about using `esc_textarea()` or hooking into the `esc_html` filter
 instead?

 I'm not sure if filter-hook is good decision. As this has to be global for
 all plugin developers, meaning a standard defined in coding standards,

 What I did not, is that I created a 'fake' formating.php file in my plugin
 to replicate the missing lines on \wp-includes\formatting.php:

 PATCH could be the following for the \wp-includes\formatting.php file:

 {{{#!php
 <?php

 if(!function_exists('esc_br_html'))
 {
     /**
      * Escape with line-breaks
      * @note Related ticket -
 https://core.trac.wordpress.org/ticket/46188#content
      * @param string $text
      * @return string
      */
     function esc_br_html($text)
     {
         $escaped_text_array = array_map('esc_html', explode("\n", $text));
         $escaped_multiline_text = implode("\n", $escaped_text_array);

         return esc_html($escaped_multiline_text);
     }
 }
 }}}

 Regarding the `esc_textarea` - that would be a **BAD** decision, as it
 impacts all the other chars, I thing esc_textarea even DO NOT escapes
 single quotes. I mean the same title with just the need of span in via
 multiple lines is so much common case that I saw it over 1000 times in
 recent years, but only now everybody is bumping so much to the standards,
 so we need to finally make a solution for everybody, so I believe we need
 to add one more function to wp-includes\formatting.php or to add an
 additional parameter support to `esc_html`.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/46188#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list