[buddypress-trac] [BuddyPress Trac] #6656: escape translations
buddypress-trac
noreply at wordpress.org
Mon Oct 12 10:01:22 UTC 2015
#6656: escape translations
---------------------------+-----------------------------
Reporter: DJPaul | Owner:
Type: idea | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Locale - i18n | Version:
Severity: normal | Keywords:
---------------------------+-----------------------------
I'm proposing that for 2.5 onwards, we treat all (new) translations as
untrusted from now on.

For BuddyPress, we've always known who the translator validators are,
because it's the same people who do that for WordPress, and we have a lot
of trust and faith and appreciation in them.

Now that other plugins are on the WordPress.org translation platform, and
that each plugin can have its own validators added for a specific language
without any further community oversight, the risk of someone sneaking
something mischievous into any plugin (via a bad translation) is higher.

Certainly for any new plugins that I write, the translations will be
escaped to cover this -- just in case.

As I don't think BuddyPress should exist on an island by itself when it
comes to best practices, and because I think we are able to (and should)
contribute to a mindset shift in the plugin community, I'm suggesting we
gradually introduce escaping into BuddyPress strings from 2.5 onwards. For
example, replacing `_e` with `esc_html_e`, and so on.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6656>
BuddyPress Trac <http://buddypress.org/>
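
The replacement suggested in the ticket, shown as an added example that is not part of the original message and is not BuddyPress code. The catalogue, its strings and the `bp_demo_*` names are constructed for illustration, and the translation and escaping functions are simplified stand-ins defined only when WordPress is not loaded.

```php
<?php
// Added illustration, not BuddyPress code. The msgids and translations below
// are CONSTRUCTED; the stand-in functions are simplified so the script runs
// without WordPress and are skipped when WordPress is already loaded.
$bp_demo_catalogue = array(
    'Send Message'   => 'Nachricht senden<script>alert(1)</script>',
    'Search members' => 'Mitglieder suchen" onfocus="alert(1)',
);

if ( ! function_exists( '__' ) ) {
    function __( $text, $domain = 'default' ) {
        global $bp_demo_catalogue;
        return isset( $bp_demo_catalogue[ $text ] ) ? $bp_demo_catalogue[ $text ] : $text;
    }
    function esc_html( $text ) {
        return htmlspecialchars( $text, ENT_QUOTES, 'UTF-8' );
    }
    function esc_attr( $text ) {
        return htmlspecialchars( $text, ENT_QUOTES, 'UTF-8' );
    }
    function esc_html__( $text, $domain = 'default' ) {
        return esc_html( __( $text, $domain ) );
    }
    function esc_attr__( $text, $domain = 'default' ) {
        return esc_attr( __( $text, $domain ) );
    }
}

// Before: the translated string reaches the page exactly as the catalogue has it.
function bp_demo_button_unescaped() {
    return '<button>' . __( 'Send Message', 'buddypress' ) . '</button>';
}

// After: element content goes through the esc_html__() variant.
function bp_demo_button_escaped() {
    return '<button>' . esc_html__( 'Send Message', 'buddypress' ) . '</button>';
}

// After: attribute values go through the esc_attr__() variant.
function bp_demo_search_escaped() {
    return '<input type="search" placeholder="' . esc_attr__( 'Search members', 'buddypress' ) . '">';
}

echo bp_demo_button_unescaped(), "\n"; // markup from the translation survives
echo bp_demo_button_escaped(), "\n";   // markup is rendered as text
echo bp_demo_search_escaped(), "\n";   // the quote cannot close the attribute
```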