[wp-trac] [WordPress Trac] #58251: Escaping issue found while echoing attribute's dynamic value in html attribute.
WordPress Trac
noreply at wordpress.org
Sun May 7 17:11:41 UTC 2023
#58251: Escaping issue found while echoing attribute's dynamic value in html
attribute.
-----------------------------+-------------------------------
Reporter: madhusudandev | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Toolbar | Version:
Severity: normal | Resolution:
Keywords: has-patch close | Focuses: coding-standards
-----------------------------+-------------------------------
Changes (by azaozz):
* keywords: has-patch => has-patch close
Comment:
Replying to [comment:11 SergeyBiryukov]:
> That used to be my thinking too, but @peterwilsoncc raised a good point
in comment:7:ticket:57133 that even though the values do not require
escaping currently, this may change in the future so it would be a good
idea to escape anything that is a variable.
Frankly I tend to disagree. Why would you want to run a function that will
consume some resources (no matter how small) and do absolutely nothing?
Wouldn't it be better to add a comment or two to where the variable is
hard-coded?
Also, I kind of understand the hesitation to trust future developers but
changing a variable that is set to a static string should always trigger a
review of where and how that variable is used, right? :)
So it is a -1 from me for this type of pointless use of functions. A
comment would work just as well if not better.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/58251#comment:17>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list