[wp-trac] [WordPress Trac] #55852: Reverse wrapping of `sanitize_url()` and `esc_url_raw()`.
WordPress Trac
noreply at wordpress.org
Tue May 31 15:16:15 UTC 2022
#55852: Reverse wrapping of `sanitize_url()` and `esc_url_raw()`.
--------------------------------------+-----------------------------
 Reporter:  peterwilsoncc             |        Owner:  SergeyBiryukov
     Type:  enhancement               |       Status:  reviewing
 Priority:  normal                    |    Milestone:  6.1
Component:  Formatting                |      Version:
 Severity:  normal                    |   Resolution:
 Keywords:  good-first-bug has-patch  |      Focuses:
--------------------------------------+-----------------------------
Comment (by SergeyBiryukov):
In [changeset:"53452" 53452]:
{{{
#!CommitTicketReference repository="" revision="53452"
Formatting: Make `sanitize_url()` the recommended function for sanitizing
a URL.

A general security rule is "Sanitize when you save, escape when you echo".

In WordPress 5.9, `sanitize_url()` was un-deprecated in order to better
align with the naming of other sanitizing functions, while still being an
alias for `esc_url_raw()`.

This commit reverses the order and turns `esc_url_raw()` into a wrapper
for `sanitize_url()`, making the latter the canonical function call and
aiming to improve performance by reducing the number of function calls
required when using the recommended technique.

Follow-up to [11383], [13096], [51597].

Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
See #55852.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/55852#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform