Make WordPress Core

Opened 5 years ago

Closed 2 weeks ago

Last modified 2 weeks ago

#14900 closed enhancement (fixed)

link-template string builder cleanup

Reported by: niallkennedy Owned by: wonderboymusic
Milestone: 4.4 Priority: normal
Severity: normal Version:
Component: General Keywords: has-patch
Focuses: template Cc:


Convert dynamic strings to static strings where quick wins are available.

Wrap output such as translated strings in an esc_attr or esc_html just in case HTML can better handle what a parent page's character encoding can't.

Attachments (1)

link-template.diff (5.8 KB) - added by niallkennedy 5 years ago.
staticize strings. escape some strings for HTML output.

Download all attachments as: .zip

Change History (9)

@niallkennedy5 years ago

staticize strings. escape some strings for HTML output.

comment:1 @dd325 years ago

  • Component changed from Permalinks to Template

Looks good to me so far. One thing of note is that I have the feeling the change of 'esc_url_raw' to 'esc_url' in the final patch chunk there may be wrong..

comment:2 @markjaquith5 years ago

  • Milestone changed from Awaiting Review to Future Release

Don't forget about the translation-enabled escaping functions, like esc_attr__()!

comment:3 @nacin20 months ago

  • Component changed from Template to General
  • Focuses template added

comment:4 @wonderboymusic2 weeks ago

  • Milestone changed from Future Release to 4.4

there are a few we can hit

comment:5 @wonderboymusic2 weeks ago

  • Owner set to wonderboymusic
  • Resolution set to fixed
  • Status changed from new to closed

In 34444:

Links: use consistent late-escaping in some HTML link-generation functions:

  • post_comments_feed_link()
  • edit_post_link()
  • edit_comment_link()
  • edit_bookmark_link()
  • rel_canonical()

Props niallkennedy, wonderboymusic.
Fixes #14900.

comment:6 @wonderboymusic2 weeks ago

In 34445:

After [34444​], wp_get_shortlink() can call get_queried_object_id() instead of using the $wp_query global.

See #14900.

comment:7 @kraftbj2 weeks ago

Noting that r34444 broke the Edit links in Twenty Sixteen. https://github.com/WordPress/twentysixteen/issues/259

Had been using:

		/* translators: %s: Name of current post */
		__( 'Edit %s', 'twentysixteen' ),
		the_title( '<span class="screen-reader-text">', '</span>', false )
	'<span class="edit-link">',
Last edited 2 weeks ago by kraftbj (previous) (diff)

comment:8 @wonderboymusic2 weeks ago

In 34452:

Links: the esc_html() additions in [34444] aren't very nice to screen reader <span>s. Revert those specific calls.

See #14900.

Note: See TracTickets for help on using tickets.