Opened 2 years ago

Last modified 9 months ago

#37057 new feature request

Creation of esc_html functions for _n(), _nx(), _ex(), and number_format_i18n()

Reported by: zakkath
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version:
Component: I18N
Keywords: dev-feedback has-patch needs-testing
Focuses:
Cc:

Description (last modified by dd32)

Using a lot of the translation functions generates an error using the WordPress Coding Standards under PHPCS such as:

Expected next thing to be an escaping function (see Codex for 'Data Validation'), not '_nx'

Certain functions like _x(), _e(), __() all have equivalent esc_html functions. But there are no esc_html equivalents for these other functions.

Granted, one could simply wrap the statements in esc_html(), but for the sake of consistency and standardization for theme developers, I feel that esc_html versions of these functions should be created.

Attachments (1)

37057.diff (1.3 KB) - added by zakkath 10 months ago.

Change History (12)

#1 @zakkath
2 years ago

There's a formatting error in the original ticket: where it starts to underline is actually supposed to be __()

#2 @dd32
2 years ago

  • Description modified (diff)

This ticket was mentioned in Slack in #core by zakkath. View the logs.


11 months ago

This ticket was mentioned in Slack in #core by zakkath. View the logs.


11 months ago

#5 follow-up: @johnbillion
11 months ago

  • Component changed from General to I18N
  • Focuses template removed
  • Keywords needs-patch dev-feedback added
  • Version 4.5.2 deleted

Related: #37191, particularly the reason it was wontfixed.

esc_html_ex() makes sense, but I don't think any of the others do because numbers are almost always passed through a formatting function such as sprintf() and therefore need later escaping.

#6 in reply to: ↑ 5 @zakkath
11 months ago

I understand that, but you actually presented the code along the lines of what I'm proposing be added in the case of an esc_html_n() function - just a simple wrapper for esc_html() or esc_attr().

Having the new functions just allows for consistency for theme developers.

#7 follow-up: @johnbillion
10 months ago

What's the use case for esc_html_n() without passing it through sprintf() and therefore needing further late escaping?

#8 in reply to: ↑ 7 @zakkath
10 months ago

Replying to johnbillion:

> What's the use case for esc_html_n() without passing it through sprintf() and therefore needing further late escaping?

It's not so much of a use case thing but more along the lines of consistency for theme/plugin developers. Since WPCS requires that these things be escaped, _e() gets esc_html_e() and so forth, but the current version of Underscores uses esc_html() as a wrapper around _nx(), as demonstrated in [comments.php](https://github.com/Automattic/_s/blob/master/comments.php#L40).

So my proposal would be to create esc_html_nx() as that wrapper. I created a diff file with the wrapper and attached it to the ticket. The change was tested using a fresh copy of Underscores and resulted in the desired output and nothing in the error log.
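Added example, not the attached 37057.diff and not WordPress core code: a sketch of the esc_html_nx() wrapper discussed in comments 5 through 8, run against the sprintf() case raised in comment 7. The wrapper's signature, the stand-in stubs for core functions, and the sample strings are assumptions made so the snippet runs outside WordPress.

```php
<?php
// Stand-ins so this runs outside WordPress (assumed approximations of core).
if ( ! function_exists( 'esc_html' ) ) {
	function esc_html( $text ) {
		return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8', false );
	}
}
if ( ! function_exists( '_nx' ) ) {
	function _nx( $single, $plural, $number, $context, $domain = 'default' ) {
		return 1 === (int) $number ? $single : $plural; // no translation lookup
	}
}
if ( ! function_exists( 'number_format_i18n' ) ) {
	function number_format_i18n( $number, $decimals = 0 ) {
		return number_format( (float) $number, $decimals );
	}
}
// Hypothetical wrapper of the kind proposed in this ticket; not core code.
if ( ! function_exists( 'esc_html_nx' ) ) {
	function esc_html_nx( $single, $plural, $number, $context, $domain = 'default' ) {
		return esc_html( _nx( $single, $plural, $number, $context, $domain ) );
	}
}

// Constructed sample data: a comment count and a title containing markup.
$count  = 1234;
$title  = 'Hello <script>alert(1)</script>';
$single = '%1$s thought on "%2$s"';
$plural = '%1$s thoughts on "%2$s"';
$ctx    = 'comments title';

// A: wrapper first, sprintf() after. Only the format string was escaped,
// so the title lands in the output unescaped.
$a = sprintf( esc_html_nx( $single, $plural, $count, $ctx ), number_format_i18n( $count ), $title );

// B: late escaping over the finished string; no wrapper needed.
$b = esc_html( sprintf( _nx( $single, $plural, $count, $ctx ), number_format_i18n( $count ), $title ) );

// C: wrapper plus escaping of every argument passed to sprintf().
$c = sprintf(
	esc_html_nx( $single, $plural, $count, $ctx ),
	esc_html( number_format_i18n( $count ) ),
	esc_html( $title )
);

foreach ( array( 'A' => $a, 'B' => $b, 'C' => $c ) as $label => $out ) {
	$safe = false === strpos( $out, '<script>' ) ? 'escaped' : 'RAW MARKUP';
	echo "$label [$safe]: $out\n";
}
```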

@zakkath
10 months ago

#9 @zakkath
10 months ago

  • Keywords has-patch needs-testing added; needs-patch removed

This ticket was mentioned in Slack in #core by zakkath. View the logs.


9 months ago

This ticket was mentioned in Slack in #core by johnbillion. View the logs.


9 months ago
