id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
21756	Escape i18n attributes as late as possible	mfields		"The following code is found in multiple places in both Twenty Ten and Twenty Eleven:

```printf( esc_attr__( 'Permalink to %s', 'textdomain' ), the_title_attribute( 'echo=0' ) )```

While the value of ```the_title_attribute()``` is escaped before it is returned in this example, this code could be reworked to demonstrate the best practice of escaping as late as possible:

```echo esc_attr( sprintf( __( 'Permalink to %s', 'textdomain' ), the_title_attribute( 'echo=0' ) ) )```

Twenty Twelve is currently using code similar to the second example."	defect (bug)	closed	normal	3.5	Bundled Theme		normal	fixed	has-patch