[wp-trac] [WordPress Trac] #32071: Function to generate safe & trusted URLs
WordPress Trac
noreply at wordpress.org
Thu Apr 23 02:06:55 UTC 2015
#32071: Function to generate safe & trusted URLs
-----------------------------+------------------------------
Reporter: johnjamesjacoby | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
-----------------------------+------------------------------
Comment (by rmccue):
Replying to [comment:1 johnbillion]:
> I'm not a fan of escaping inside functions. Developers should become
familiar with late escaping.
I agree for escaping that isn't idempotent (i.e. can't be applied
infinitely), like `esc_html`, `esc_attr`, etc. `esc_url_raw` on the other
hand can be applied infinitely, so it doesn't have to follow late
escaping. I'd prefer that all functions that say they return URLs actually
return URLs, and we still escape them regardless.
(On that note, I think `esc_url` doing HTML escaping is a bit dumb,
`esc_html( esc_url_raw(` or `esc_attr( esc_url_raw` would have been a
better choice.)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/32071#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list