[wp-trac] [WordPress Trac] #46188: esc_html does not have support for multiline output. esc_br_html or line-breaking parameter for esc_html is missing

WordPress Trac noreply at wordpress.org
Tue Feb 5 12:40:02 UTC 2019 

#46188: esc_html does not have support for multiline output. esc_br_html or line-
breaking parameter for esc_html is missing
----------------------------------------+-----------------------------
 Reporter:  KestutisIT                  |      Owner:  (none)
     Type:  enhancement                 |     Status:  new
 Priority:  normal                      |  Milestone:  Awaiting Review
Component:  Formatting                  |    Version:  5.0.3
 Severity:  normal                      |   Keywords:  needs-patch
  Focuses:  template, coding-standards  |
----------------------------------------+-----------------------------
 Let's say that we want to save not a title, but a block of text in the
 database. So we have to support multiline escaping.

 Now I have to do this:

 {{{#!php
 <?php
 $escapedMultilineItemDescriptionArray = array_map('esc_html',
 explode("\n", $data['item_description']));
 $printItemDescription = implode("\n",
 $escapedMultilineItemDescriptionArray );

 $objView = new View();
 $objView->itemDescription = $printItemDescription;
 }}}

 But then the reviewers at Envato and other coding standards fans are not
 happy that at the template file I use:

 {{{
 <div class="item-description"><?=nl2br($itemDescription);?></div>
 }}}

 While following the concept of of 'escaping at the template' would could
 be instead 'esc_br_html':
 {{{
 <div class="item-description"><?=esc_br_html($itemDescription);?></div>
 }}}
 or with `fuction esc_html($text, $escapeLineBreaks = FALSE) {...}`
 {{{
 <div class="item-description"><?=nl2br(esc_html($itemDescription,
 TRUE));?></div>
 }}}

 I just see a lot of confusion and misinterpreation of escaping of text
 that has multiple lines, and there is NO function. And we should not do
 explode, implode, array_map things inside the template code, as the
 template is for designers, and ever CSS developer has to be able easily
 understand the template, so there so be no explodings, implodings.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/46188>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list