[wp-trac] [WordPress Trac] #30724: Twenty Fifteen: Unnecessary use of esc_html()
WordPress Trac
noreply at wordpress.org
Tue Dec 16 18:38:13 UTC 2014
#30724: Twenty Fifteen: Unnecessary use of esc_html()
------------------------------------------+-----------------------
Reporter:  ocean90                        |  Owner:  ocean90
Type:  defect (bug)                       |  Status:  accepted
Priority:  high                           |  Milestone:  4.1
Component:  Bundled Theme                 |  Version:
Severity:  normal                         |  Resolution:
Keywords:  has-patch commit fixed-major   |  Focuses:
------------------------------------------+-----------------------
Comment (by sboisvert):
One problem with not escaping translations is that some plugins that
filter translations will allow end users to push translations in the back
end.
Depending on where these go they can break the code because characters are
not escaped properly and the end users doing the translations won't
understand what broke.
This doesn't even take into account that you may not be able to trust the
end users doing the translations.
I feel that escaping protects against user error and potentially malicious
users, especially with translation plugins, with little cost / negative
repercussions.
Thanks!
--
Ticket URL: <https://core.trac.wordpress.org/ticket/30724#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
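
The scenario in the comment above, as an added example that is not part of the original message or of WordPress core: a stand-alone PHP script in which a filter on 'gettext' swaps in a string typed by an end user, and the same string is printed with and without escaping. The helper functions are simplified stand-ins for the WordPress functions of the same name; the plugin, the override table and the sample strings are constructed for illustration.

```php
<?php
// Simplified stand-ins for WordPress's filter and translation helpers, so the
// script runs without WordPress. They model core behaviour; they are not core code.
$GLOBALS['demo_filters'] = [];

function add_filter(string $hook, callable $callback): void {
    $GLOBALS['demo_filters'][$hook][] = $callback;
}

function apply_filters(string $hook, $value, ...$args) {
    foreach ($GLOBALS['demo_filters'][$hook] ?? [] as $callback) {
        $value = $callback($value, ...$args);
    }
    return $value;
}

// Every translated string passes through the 'gettext' filter before it is returned.
function translate(string $text, string $domain = 'default'): string {
    return apply_filters('gettext', $text, $text, $domain);
}

// Returns the (possibly filtered) translation unescaped.
function __(string $text, string $domain = 'default'): string {
    return translate($text, $domain);
}

// Returns the translation with HTML special characters encoded.
function esc_html__(string $text, string $domain = 'default'): string {
    return htmlspecialchars(translate($text, $domain), ENT_QUOTES, 'UTF-8');
}

// Hypothetical plugin: strings typed by end users in the back end replace the
// shipped translation. The override is constructed and has an unclosed tag,
// the kind of mistake a translator would not recognise as the cause of a broken page.
$overrides = ['Proudly powered by %s' => 'Propulsé par <strong>%s'];
add_filter('gettext', function (string $translation, string $text, string $domain) use ($overrides) {
    return $overrides[$text] ?? $translation;
});

$raw  = sprintf(__('Proudly powered by %s', 'twentyfifteen'), 'WordPress');
$safe = sprintf(esc_html__('Proudly powered by %s', 'twentyfifteen'), 'WordPress');

// Unescaped: the user's unclosed <strong> becomes live markup in the template.
echo "<p>$raw</p>\n";
// Escaped: the same characters are emitted as text and the page structure holds.
echo "<p>$safe</p>\n";
```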