[wp-trac] [WordPress Trac] #21756: Escape i18n attributes as late as possible
WordPress Trac
wp-trac at lists.automattic.com
Fri Aug 31 18:46:04 UTC 2012
#21756: Escape i18n attributes as late as possible
---------------------------+-----------------------------
Reporter: mfields | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Bundled Theme | Version:
Severity: normal | Keywords: has-patch
---------------------------+-----------------------------
The following code is found in multiple places in both Twenty Ten and
Twenty Eleven:
```printf( esc_attr__( 'Permalink to %s', 'textdomain' ),
the_title_attribute( 'echo=0' ) )```
While the value of ```the_title_attribute()``` is escaped before it is
returned in this example, this code could be reworked to demonstrate the
best practice of escaping as late as possible:
```echo esc_attr( sprintf( __( 'Permalink to %s', 'textdomain' ),
the_title_attribute( 'echo=0' ) ) )```
Twenty Twelve is currently using code similar to the second example.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21756>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list