[wp-trac] [WordPress Trac] #61430: Adding escaping function in wp_interactivity_data_wp_context PHPDoc

WordPress Trac noreply at wordpress.org
Thu Jun 13 13:31:39 UTC 2024 

#61430: Adding escaping function in wp_interactivity_data_wp_context PHPDoc
--------------------------------------+-----------------------
 Reporter:  mosne                     |       Owner:  audrasjb
     Type:  enhancement               |      Status:  accepted
 Priority:  normal                    |   Milestone:  6.6
Component:  Interactivity API         |     Version:  6.5
 Severity:  minor                     |  Resolution:
 Keywords:  good-first-bug has-patch  |     Focuses:  docs
--------------------------------------+-----------------------

Comment (by audrasjb):

 Replying to [comment:6 jonsurrell]:
 > I think this function should be added as an exception. It returns an
 HTML attribute name and value escaped and ready to print. It doesn't seem
 like there's anything for kses to do here.
 >
 > [https://developer.wordpress.org/reference/functions/wp_kses_data/ From
 wp_kses_data] (emphasis mine):
 >
 > > $data string required
 > > Content to filter, **expected to not be escaped.**

 By the way, it's worth noting that the contributor who filled this ticket
 opened it after the plugin review team asked him to escape the result of
 this function.

 That's why it seems like it made sense to enforce escaping in the example
 provided.

 > I did notice that the description is wrong
 [https://developer.wordpress.org/reference/functions/wp_interactivity_data_wp_context/
 here for wp_interactivity_data_wp_context]:
 >
 > > This helper function simplifies the creation of `data-wp-context`
 directives by providing a way to pass an array of data, which encodes into
 a JSON string safe for direct use as a HTML attribute value.
 >
 > Although the return description does hint that it returns the full
 attribute "a complete … directive":
 >
 > > Return
 > > `string` A complete data-wp-context directive with a JSON encoded
 value representing the context array and the store namespace if specified.
 >
 > It seems like that could be improved to clarify that it returns and HTML
 attribute suitable to be output to the page.

 Great point!

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/61430#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list