[wp-trac] [WordPress Trac] #57049: Make the use (or non-use) of `esc_url()` more consistent for translated URLs
WordPress Trac
noreply at wordpress.org
Wed Nov 9 20:28:33 UTC 2022
--------------------------+-----------------------------
 Reporter:  desrosj       |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  General       |    Version:
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
There are currently 122 instances of `__( 'https://` in Core (excluding
those within bundled themes). Of those, 24 are passed through `esc_url()`.

The general rule is that default translations representing Core are
considered trusted. Following that rule, unfiltered URLs that are
translated don't need to be passed through `esc_url()`, though it's
unclear if URLs should be considered an exception.

This should be clarified in the handbook (I couldn't find where "core
translations are trusted" is detailed) and made consistent across the code
base.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57049>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
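
An added example (not part of the ticket or of WordPress Core): a small Python audit that finds `__( 'https://...' )` calls in PHP source and reports whether each one sits inside an `esc_url()` call, which is the kind of count the ticket describes. The function names and the sample PHP are constructed for illustration; the scanner assumes no PHP comments or heredocs contain quotes or parentheses.

```python
import re

# Start of a function call such as `esc_url(` or `__(`; group 1 is the name.
CALL = re.compile(r"([A-Za-z_][A-Za-z0-9_]*)\s*\(")
# First argument is a quoted literal that begins with https://
URL_ARG = re.compile(r"\s*(['\"])(https://[^'\"]*)\1")

def audit_translated_urls(php_source):
    """Return (line, url, escaped) for every __( 'https://...' ) call."""
    findings, stack = [], []      # stack holds the names of calls still open
    i, n = 0, len(php_source)
    while i < n:
        ch = php_source[i]
        if ch in "'\"":           # skip a string literal, honoring backslashes
            j = i + 1
            while j < n and php_source[j] != ch:
                j += 2 if php_source[j] == "\\" else 1
            i = j + 1
            continue
        m = CALL.match(php_source, i) if (ch.isalpha() or ch == "_") else None
        if m:
            if m.group(1) == "__":
                u = URL_ARG.match(php_source, m.end())
                if u:
                    line = php_source.count("\n", 0, i) + 1
                    # escaped only if some enclosing call is exactly esc_url()
                    findings.append((line, u.group(2), "esc_url" in stack))
            stack.append(m.group(1))
            i = m.end()
            continue
        if ch == "(":
            stack.append("")      # grouping parenthesis, not a call
        elif ch == ")" and stack:
            stack.pop()
        i += 1
    return findings

def summarize(findings):
    """Return (total translated URLs, how many pass through esc_url())."""
    return len(findings), sum(1 for _, _, escaped in findings if escaped)

# Constructed sample input, not copied from Core.
SAMPLE = '''<?php
$a = esc_url( __( 'https://wordpress.org/support/' ) );
printf( '<a href="%s">', __( 'https://wordpress.org/about/' ) );
echo esc_url( sprintf( '%s#top', __( 'https://wordpress.org/download/' ) ) );
echo esc_html( __( 'Visit https://wordpress.org/ today (really).' ) );
'''
```

Running `summarize(audit_translated_urls(source))` over each PHP file gives the escaped and unescaped totals to compare before and after a consistency cleanup.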