[wp-trac] [WordPress Trac] #20771: esc_url() instead of esc_html() in wp_nonce_url()

WordPress Trac noreply at wordpress.org
Tue Feb 23 23:37:41 UTC 2021


#20771: esc_url() instead of esc_html() in wp_nonce_url()
------------------------------------------+--------------------------
 Reporter:  jkudish                       |       Owner:  johnbillion
     Type:  enhancement                   |      Status:  closed
 Priority:  normal                        |   Milestone:
Component:  Formatting                    |     Version:  3.4
 Severity:  normal                        |  Resolution:  wontfix
 Keywords:  needs-unit-tests needs-patch  |     Focuses:
------------------------------------------+--------------------------

Comment (by juliobox):

 Why not add a new param in this function?
 wp_nonce_url( $actionurl, $action = -1, $name = '_wpnonce', $context = 'display' );
 When $context is 'display', the default value (hello retrocompat), we let
 the esc_html() since it's for displaying.
 But when it's not for display, like "redirect", esc_url() instead.
 And if no context is given, no sanitize.
 I think that way everyone is happy, we can still use it, retrocompat ok
 but still with a new possibility to use it for redirection without
 creating a new one or break anything.
 Thoughts?

 cc @johnbillion @johnjamesjacoby

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/20771#comment:24>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
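The following is an added, stand-alone PHP sketch of the `$context` idea proposed in the comment above; it is not WordPress core code and does not call WordPress functions. The helper names `demo_nonce_url()` and `demo_query_keys()`, the constant `DEMO_NONCE`, and the `example.test` URL are all constructed for this illustration. It keeps core's habit of un-escaping an incoming `&amp;` first, then escapes for HTML only in the 'display' context and leaves the URL raw for 'redirect', and it shows what happens to the query string when the display form is fed into a non-HTML context.

```php
<?php
// Added example, not WordPress core: a stand-alone sketch of a context-aware
// nonce URL builder. DEMO_NONCE is a constructed sample value standing in for
// wp_create_nonce(); no WordPress APIs are used so this runs on plain PHP.

const DEMO_NONCE = 'a1b2c3d4e5';

function demo_nonce_url( string $actionurl, string $context = 'display', string $name = '_wpnonce' ): string {
    // Mirror core's behaviour of normalising any '&amp;' that arrives in the input URL.
    $actionurl = str_replace( '&amp;', '&', $actionurl );

    // Append the nonce parameter, choosing '?' or '&' depending on an existing query string.
    $separator = ( strpos( $actionurl, '?' ) === false ) ? '?' : '&';
    $url       = $actionurl . $separator . rawurlencode( $name ) . '=' . rawurlencode( DEMO_NONCE );

    switch ( $context ) {
        case 'display':
            // HTML context: entity-encode so '&' becomes '&amp;' inside an attribute.
            return htmlspecialchars( $url, ENT_QUOTES, 'UTF-8' );
        case 'redirect':
            // Header/Location context: keep the raw URL; '&amp;' here would corrupt the query string.
            return $url;
        default:
            // No recognised context: hand back the raw URL and let the caller escape for its own context.
            return $url;
    }
}

// Parse the query string of a URL the way a receiving request handler would,
// and return the parameter names it sees.
function demo_query_keys( string $url ): array {
    $query = (string) parse_url( $url, PHP_URL_QUERY );
    parse_str( $query, $params );
    return array_keys( $params );
}

$base = 'https://example.test/wp-admin/admin.php?page=demo&id=7';

$display  = demo_nonce_url( $base, 'display' );
$redirect = demo_nonce_url( $base, 'redirect' );

echo "display:  $display\n";
echo "redirect: $redirect\n";

// Using the display form where a raw URL is expected changes the parameter names seen server-side.
echo "keys from display form:  " . implode( ', ', demo_query_keys( $display ) ) . "\n";
echo "keys from redirect form: " . implode( ', ', demo_query_keys( $redirect ) ) . "\n";
```

Run it with `php` on the command line. The 'redirect' form yields the parameter names `page`, `id` and `_wpnonce`, while the 'display' form, because its `&amp;` separators are split on the `&` only, yields `page`, `amp;id` and `amp;_wpnonce`; a handler looking for `_wpnonce` in that request would not find it, which is exactly the failure a context-aware builder avoids.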

