Make WordPress Core

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#49535 closed defect (bug) (wontfix)

Twenty Twenty: 404.php

Reported by: fahimmurshed's profile fahimmurshed Owned by:
Milestone: Priority: normal
Severity: normal Version: 5.4
Component: Bundled Theme Keywords:
Focuses: Cc:



All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'

Attachments (1)

49535.diff (1.8 KB) - added by fahimmurshed 4 years ago.

Download all attachments as: .zip

Change History (3)

4 years ago


#1 @ocean90
4 years ago

  • Focuses coding-standards removed
  • Keywords has-patch removed
  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

For core and its default themes, translations are inherently trusted because of various checks, including a review process for translations. This has been mentioned before in so I'm going to close this as wontfix.

#2 @SergeyBiryukov
4 years ago

Thanks for the ticket and the patch!

Core translations (including bundled themes) are considered safe because we have a review process for them, see #42639 and the discussion in #30724. (Also related: #32233.) Not all of Theme Check suggestions apply here.

In WordPress core and bundled themes, strings are generally only escaped in attributes or in <option> tags.

Note: See TracTickets for help on using tickets.