Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #57686, comment 49


Ignore:
Timestamp:
09/13/2023 07:23:13 PM (11 months ago)
Author:
azaozz
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #57686, comment 49

    initial v1  
    55Yep, thinking the same. These strings/messages are targeted at developers and are not (should not ever be) displayed in production. If they were targeted at users/for use in production I think they should have been escaped and made "safe" by all means. However thinking it would probably be enough to document the fact that these functions expect HTML safe/escaped strings as they generally fall under "developer tools" rather than "production code".
    66
    7 At the same time thinking that @costdev's approach [https://core.trac.wordpress.org/ticket/57686?replyto=48#comment:47 above] makes sense too. Probably would be good to have another (hardening) ticket for it so it covers all similar cases.
     7At the same time thinking that @peterwilsoncc thoughts and @costdev's approach [https://core.trac.wordpress.org/ticket/57686?replyto=48#comment:47 above] makes sense too. Probably would be good to have another (hardening) ticket for it so it covers all similar cases.