WordPress.org

Make WordPress Core

Opened 8 months ago

Closed 8 months ago

Last modified 8 months ago

#49537 closed defect (bug) (wontfix)

Twenty Twenty: Add esc_html_e on the modal-menu.php

Reported by: fahimmurshed Owned by:
Milestone: Priority: normal
Severity: normal Version: 5.4
Component: Bundled Theme Keywords:
Focuses: Cc:

Description

All output should be run through an escaping function (like esc_html_e()

Attachments (1)

49537.diff (1.7 KB) - added by fahimmurshed 8 months ago.
Patch

Download all attachments as: .zip

Change History (5)

@fahimmurshed
8 months ago

Patch

#1 @ocean90
8 months ago

  • Focuses coding-standards removed
  • Keywords has-patch removed
  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

For core and its default themes, translations are inherently trusted because of various checks, including a review process for translations. This has been mentioned before in https://core.trac.wordpress.org/ticket/30724#comment:8 so I'm going to close this as wontfix.

#2 @SergeyBiryukov
8 months ago

Thanks for the ticket and the patch!

Core translations (including bundled themes) are considered safe because we have a review process for them, see #42639 and the discussion in #30724. (Also related: #32233.) Not all of Theme Check suggestions apply here.

In WordPress core and bundled themes, strings are generally only escaped in attributes or in <option> tags.

#3 follow-up: @ocean90
8 months ago

@SergeyBiryukov What's the point of repeating the same information again and again which other contributors already gave? That's disrespectful. Feels like the account is just a bot.

#4 in reply to: ↑ 3 @SergeyBiryukov
8 months ago

Replying to ocean90:

What's the point of repeating the same information again and again which other contributors already gave? That's disrespectful. Feels like the account is just a bot.

Just wanted to provide a bit more context with links to some more tickets. I'm sorry if that seemed disrespectful. Won't do that again.

Note: See TracTickets for help on using tickets.