Bundled themes: use correct attribute escaping function in block patterns

[viralsampat]

Hello Team,

I have checked WordPress theme files and I have found this "Wrong Escaping Function" error for few files. I think that it should be resolve.

I have tested this into the WordPress 6.8-beta1.

Thanks,

[viralsampat]

I have checked above mentioned issue and founds few files. Here, I have added its patch.

[sabernhardt]

esc_attr() is not correct either; these Image blocks should use esc_attr__() for returning a translation.

• 63264.patch identifies eight instances of esc_html__() for alt text of 'Gradient' images in Twenty Nineteen's block patterns (r49348).
• Twenty Fourteen also uses esc_html__() for its 'Photo of a sunset' image (r51045).
• Twenty Eleven uses esc_attr() for the images' alt text (r51103).
• Twenty Thirteen has a different problem with alt="alt=" for its cylinder-interior and bernal-cutaway images (r51012).
• Twenty Seventeen does not escape translations in its block patterns (r49584).

[viralsampat]

I have updated my patch.

[viralsampat]

Hello @sabernhardt

Thank you so much for your feedback.

Here, I have attached new patch for remaining themes. I have made all the necessary changes based on requirement.

Thanks,

[viralsampat]

I have checked above mentioned issue and founds few files. Here, I have added its patch.

[dilipbheda]

@viralsampat I noticed some unwanted whitespace in your patch. Could you please rebase your branch with the WordPress core repository and regenerate the patch?

Reference: ​https://tinyurl.com/259tgsog

Thanks!

[viralsampat]

Hello @dilipbheda

Thank you so much for the update.

Yes, sure. I will check it and will add new patch for the same.

Thanks,

[sabernhardt]

The arrows in 63264.3.patch are not whitespace; those are right arrow glyphs inside several links for Twenty Seventeen patterns. (I would prefer to remove those arrows anyway, but that is outside the scope of this ticket.)

Also, I noticed that 63264.3.patch missed escaping one instance of 'Branding' on line 103.

[sabernhardt]

Case Study links with arrows in Twenty Seventeen pattern

[viralsampat]

I have updated my patch and resolved the issue.

[viralsampat]

Hello @sabernhardt

Thank you so much for your feedback.

I read your feedback. I worked on missing escaping and added it based on requirement. I have attached new patch for twentyseventeen theme.

Thanks

[SirLouen]

Looks good to me, file is passing all standards.
I wonder how you got to this PHPCS thing. phpcs.xml.dist was not blaming neither before or after...
Also for how limited these strings are I'm unsure if escaping is really needed

[darshitrajyaguru97]

Test Report

Patch tested: https://core.trac.wordpress.org/attachment/ticket/63264/63264.4.patch

Environment:

OS: Windows 10
PHP: 8.2.12
WordPress: 6.9-alpha-60093-src
Browser: Chrome
Theme: Twenty seventeen
Plugins: None activated

Actual Results:

✅ After patch:
Frontend: ​https://prnt.sc/D_rG50EOUM3K

✅ Patch working well as desired solution

[SergeyBiryukov]

In 60242:

Twenty Thirteen: Correct alt attributes for some images in block patterns.

Follow-up to [51012].

Props viralsampat, sabernhardt.
See #63264.

[SergeyBiryukov]

In 60243:

Twenty Nineteen: Use correct escaping function for alt attributes in block patterns.

Follow-up to [49348].

Props viralsampat, sabernhardt.
See #63264.

[SergeyBiryukov]

In 60244:

Twenty Eleven: Use correct escaping function for alt attributes in block patterns.

Follow-up to [51103].

Props viralsampat, sabernhardt.
See #63264.

[SergeyBiryukov]

In 60247:

Twenty Fourteen: Use correct escaping function for alt attributes in block patterns.

Follow-up to [51045].

Props viralsampat, sabernhardt.
See #63264.