[wp-trac] [WordPress Trac] #58127: Twenty Eleven: Add escaping as per the WordPress VIP standards (was: Improper code)

WordPress Trac noreply at wordpress.org
Thu Apr 13 15:24:04 UTC 2023


#58127: Twenty Eleven: Add escaping as per the WordPress VIP standards
-------------------------------------+------------------------------
 Reporter:  himshekhar07             |       Owner:  (none)
     Type:  enhancement              |      Status:  new
 Priority:  normal                   |   Milestone:  Awaiting Review
Component:  Bundled Theme            |     Version:
 Severity:  normal                   |  Resolution:
 Keywords:  needs-patch 2nd-opinion  |     Focuses:
-------------------------------------+------------------------------
Changes (by SergeyBiryukov):

 * keywords:  needs-patch => needs-patch 2nd-opinion
 * component:  Themes => Bundled Theme


Comment:

 Hi there, welcome back to WordPress Trac! Thanks for the patch.

 Please note that WordPress core does not use the
 [https://github.com/Automattic/VIP-Coding-Standards WordPress VIP]
 standards; they are specific to Automattic projects.

 Previously, the point of view here was that core translations (including
 bundled themes) are considered safe because we have a review process for
 them, see #42639 and the discussion in #30724. (Also related: #32233.)

 In WordPress core and older bundled themes, strings are generally only
 escaped in attributes or in `<option>` tags.

 Some other related tickets: #47384, #47385, #49535, #49536, #49537,
 #54127, #56110, #57133.

 This was recently reconsidered for the Twenty Twenty-One theme, see the
 discussion in
 [https://wordpress.slack.com/archives/C02RP4VMP/p1608576953179600
 #core-themes on Slack].

 As the purpose of bundled themes is to demonstrate best practices, they
 should use proper escaping so that the code copied from or based on these
 themes also uses correct escaping. This has been addressed for Twenty
 Twenty-One and will be addressed for newer bundled themes going forward.

 For updating the escaping in older themes though, there is no consensus
 yet, see the
 [https://wordpress.slack.com/archives/C02RP4VMP/p1608586193219600 second
 part of the discussion]. This should probably be discussed with the Themes
 team. Personally, I think either way is fine. As these themes are
 periodically updated for better block editor support, I guess we could
 address the escaping as well, but it should ideally be done in a
 consistent way rather than just in a few random occurrences.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/58127#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

