[wp-trac] [WordPress Trac] #62738: Proposal for format_atts()
WordPress Trac
noreply at wordpress.org
Thu Dec 26 07:57:03 UTC 2024
#62738: Proposal for format_atts()
--------------------------+-----------------------------
Reporter: takayukister | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Formatting | Version:
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
I have used [https://github.com/rocklobster-in/contact-
form-7/blob/v6.0.2/includes/formatting.php#L527 wpcf7_format_atts()], a
simple function to format HTML attributes, in my Contact Form 7 plugin for
many years. With this function, you can convert this complicated error-
prone code:
{{{
echo '<input type="checkbox" name="' . esc_attr( $cb_name ) . '" value="'
. esc_attr( $cb_value ) . '" checked="checked" />';
}}}
into the following readable clean coding:
{{{
echo sprintf(
'<input %s />',
wpcf7_format_atts( array(
'type' => 'checkbox',
'name' => $cb_name,
'value' => $cb_value,
'checked' => true,
) )
);
}}}
I'd like to suggest introducing the same functionality into WordPress core
as `format_atts()`.
Another reason for me to suggest this is that the
[https://wordpress.org/plugins/plugin-check/ Plugin Check plugin] detects
errors of `WordPress.Security.EscapeOutput.OutputNotEscaped` despite the
fact that attribute values are properly escaped with `esc_attr()`. If this
function becomes WordPress standard and the PCP recognizes that, I and
other developers who use similar formatting function will be able to avoid
the false-positive error.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62738>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list