[wp-trac] [WordPress Trac] #43147: Introduce `esc_html_comment` and translation related functions
WordPress Trac
noreply at wordpress.org
Wed Jan 24 10:51:05 UTC 2018
#43147: Introduce `esc_html_comment` and translation related functions
-------------------------------------------------+-------------------------
Reporter: jipmoors | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting
Component: Formatting | Review
Severity: normal | Version: trunk
Keywords: has-patch has-unit-tests 2nd- | Resolution:
opinion | Focuses:
-------------------------------------------------+-------------------------
Comment (by schlessera):
@dd32 I personally never trust the translations, because they are outside
of a developer's control.
When you say "WordPress also trusts translations inherently", do you have
something definitive you can point me to? I tried to read up on it, but
all I found was (mostly implicit) recommendations to escape anything that
will be rendered into HTML.
Also, "fix a translation that contains rogue HTML" is not technically
possible in a lot of cases, as translations can just be uploaded to sites
as additional (potentially rogue) files.
I personally see the value in this, especially since we decided to use
HTML comments as your content data structure.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43147#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list