[buddypress-trac] [BuddyPress Trac] #6656: escape translations

buddypress-trac noreply at wordpress.org
Mon Oct 12 10:01:22 UTC 2015

#6656: escape translations
 Reporter:  DJPaul         |      Owner:
     Type:  idea           |     Status:  new
 Priority:  normal         |  Milestone:  Awaiting Review
Component:  Locale - i18n  |    Version:
 Severity:  normal         |   Keywords:
 I'm proposing that for 2.5 onwards, we treat all (new) translations as
 untrusted from now on.

 For BuddyPress, we've always known who the translator validators are,
 because it's the same people who do that for WordPress, and we have a lot
 of trust and faith and appreciation in them.

 Now that other plugins are on the WordPress.org translation platform, and
 that each plugin can have its own validators added for a specific language
 without any further community oversight, the risk of someone sneaking
 something mischievous into any plugin (via a bad translation) is higher.
 Certainly for any new plugins that I write, the translations will be
 escaped to cover this -- just in case.

 As I don't think BuddyPress should exist on an island by itself when it
 comes to best practices, and because I think we are able to (and should)
 contribute to a mindset shift in the plugin community, I'm suggesting we
 gradually introduce escaping into BuddyPress strings from 2.5 onwards. For
 example, replacing `_e` with `esc_html_e`, and so on.

Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6656>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac

More information about the buddypress-trac mailing list