[wp-trac] [WordPress Trac] #56110: Need to use esc_html__ escaping function
WordPress Trac
noreply at wordpress.org
Thu Jun 30 13:11:00 UTC 2022
#56110: Need to use esc_html__ escaping function
-----------------------------------------+------------------------------
Reporter: kartikpatel | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version: trunk
Severity: normal | Resolution:
Keywords: has-patch close 2nd-opinion | Focuses:
-----------------------------------------+------------------------------
Changes (by SergeyBiryukov):
* keywords: has-patch => has-patch close 2nd-opinion
Comment:
Hi there, welcome back to WordPress Trac! Thanks for the ticket and the
patch.
Core translations are considered safe because we have a review process for
them, see #42639 and the discussion in #30724. (Also related: #32233,
#44637.)
In WordPress core and older bundled themes, strings are generally only
escaped in attributes or in `<option>` tags. However, this was recently
reconsidered for newer bundled themes, see comment:5:ticket:54127.
Some other related tickets: #47384, #47385, #49535, #49536, #49537.
The `$blog_prefix` and `$prefix` values here are [source:tags/6.0/src/wp-
admin/options-permalink.php?marks=76-90#L75 hardcoded and not user-
editable], so it's not quite clear why they should be escaped.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56110#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list