Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #52047, comment 12


Timestamp: 12/21/2020 05:05:07 PM (4 years ago)
Author: SergeyBiryukov
  • Ticket #52047, comment 12

    initial v1  
    55
    66[attachment:"52047.2.diff"] is my take on this:
    7 * Note that we don't need `esc_html__()` here, as core translations are considered safe, see previous discussions in comment:10:ticket:30724, #47385, #48161, #49190, #49535, #49536, #49537, etc. Overzealous escaping seems to come from `_s` or other themes following the WordPress.com VIP guidelines, or Theme Check suggestions, however not all of them apply to bundled themes. Previous bundled themes only escaped string when necessary (e.g. when used in attributes), but almost never as a security precaution with `esc_html()`. It looks like some new instances were introduced lately though, specifically with block patterns. Removing unnecessary escaping from Twenty Twenty-One would be something for another ticket.
     7* Note that we don't need `esc_html__()` here, as core translations are considered safe, see previous discussions in comment:10:ticket:30724, #47385, #48161, #49190, #49535, #49536, #49537, etc. Overzealous escaping seems to come from `_s` or other themes following the WordPress.com VIP guidelines, or Theme Check suggestions, however not all of them apply to bundled themes. Previous bundled themes only escaped strings when necessary (e.g. when used in attributes), but almost never as a security precaution with `esc_html()`. It looks like some new instances were introduced lately though, specifically with block patterns. Removing unnecessary escaping from Twenty Twenty-One would be something for another ticket.
    88* While refreshing the patch, I also noticed that one string uses a space at the end, which also goes against the i18n best practices, as this can easily be missed, even with a translation comment:
    99{{{