Changes between Version 1 and Version 2 of Ticket #57686, comment 49
Timestamp: 09/13/2023 07:23:36 PM (16 months ago)
Ticket #57686, comment 49
v1 v2
5 5 Yep, thinking the same. These strings/messages are targeted at developers and are not (should not ever be) displayed in production. If they were targeted at users/for use in production I think they should have been escaped and made "safe" by all means. However thinking it would probably be enough to document the fact that these functions expect HTML safe/escaped strings as they generally fall under "developer tools" rather than "production code".
6 6
7 At the same time thinking that @peterwilsoncc thoughts and @costdev's approach [https://core.trac.wordpress.org/ticket/57686?replyto=48#comment:47 above] make ssense too. Probably would be good to have another (hardening) ticket for it so it covers all similar cases.
7 At the same time thinking that @peterwilsoncc thoughts and @costdev's approach [https://core.trac.wordpress.org/ticket/57686?replyto=48#comment:47 above] make sense too. Probably would be good to have another (hardening) ticket for it so it covers all similar cases.