#49537 closed defect (bug) (wontfix)
Twenty Twenty: Add esc_html_e on the modal-menu.php
Reported by: | fahimmurshed | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 5.4 |
Component: | Bundled Theme | Keywords: | |
Focuses: | Cc: |
Description
All output should be run through an escaping function (like esc_html_e()
Attachments (1)
Change History (5)
#1
@
5 years ago
- Focuses coding-standards removed
- Keywords has-patch removed
- Milestone Awaiting Review deleted
- Resolution set to wontfix
- Status changed from new to closed
For core and its default themes, translations are inherently trusted because of various checks, including a review process for translations. This has been mentioned before in https://core.trac.wordpress.org/ticket/30724#comment:8 so I'm going to close this as wontfix.
#2
@
5 years ago
Thanks for the ticket and the patch!
Core translations (including bundled themes) are considered safe because we have a review process for them, see #42639 and the discussion in #30724. (Also related: #32233.) Not all of Theme Check suggestions apply here.
In WordPress core and bundled themes, strings are generally only escaped in attributes or in <option>
tags.
#3
follow-up:
↓ 4
@
5 years ago
@SergeyBiryukov What's the point of repeating the same information again and again which other contributors already gave? That's disrespectful. Feels like the account is just a bot.
#4
in reply to:
↑ 3
@
5 years ago
Replying to ocean90:
What's the point of repeating the same information again and again which other contributors already gave? That's disrespectful. Feels like the account is just a bot.
Just wanted to provide a bit more context with links to some more tickets. I'm sorry if that seemed disrespectful. Won't do that again.
Patch