[wp-trac] [WordPress Trac] #32071: Function to generate safe & trusted URLs

WordPress Trac noreply at wordpress.org
Thu Apr 23 02:06:55 UTC 2015

#32071: Function to generate safe & trusted URLs
 Reporter:  johnjamesjacoby  |       Owner:
     Type:  enhancement      |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  General          |     Version:
 Severity:  normal           |  Resolution:
 Keywords:  has-patch        |     Focuses:

Comment (by rmccue):

 Replying to [comment:1 johnbillion]:
 > I'm not a fan of escaping inside functions. Developers should become
 familiar with late escaping.

 I agree for escaping that isn't idempotent (i.e. can't be applied
 infinitely), like `esc_html`, `esc_attr`, etc. `esc_url_raw` on the other
 hand can be applied infinitely, so it doesn't have to follow late
 escaping. I'd prefer that all functions that say they return URLs actually
 return URLs, and we still escape them regardless.

 (On that note, I think `esc_url` doing HTML escaping is a bit dumb,
 `esc_html( esc_url_raw(` or `esc_attr( esc_url_raw` would have been a
 better choice.)

Ticket URL: <https://core.trac.wordpress.org/ticket/32071#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list