Opened 6 weeks ago
#63074 new enhancement
Automated Output Escaping Based on REST API Schema
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | REST API | Keywords: | |
| Focuses: | Cc: |
Description
Currently, the WordPress REST API provides robust schema definitions for input validation and sanitization through data type, format, sanitize_callback, and validate_callback within arg_options. However, there is no equivalent mechanism for automatically escaping output based on the defined schema.
This issue proposes two enhancements:
Default Escape Feature:
- Implement a default escaping mechanism that automatically applies appropriate escaping functions to API responses based on the type and format keywords defined in the schema.
Introduce an escape_callback within arg_options of the schema, similar to sanitize_callback and validate_callback.
- This would allow developers to define custom escaping functions for specific fields or data types, providing greater flexibility and control over output escaping.
These enhancements would significantly improve the security and developer experience of the WordPress REST API by providing a more comprehensive and automated approach to data escaping.
Note: See
TracTickets for help on using
tickets.