[wp-trac] [WordPress Trac] #57133: $type should be escaping in 'user-new.php'

WordPress Trac noreply at wordpress.org
Fri Nov 18 00:47:29 UTC 2022


#57133: $type should be escaping in 'user-new.php'
---------------------------+-----------------------------------------------
 Reporter:  monzuralam     |       Owner:  (none)
     Type:  defect (bug)   |      Status:  new
 Priority:  normal         |   Milestone:  Awaiting Review
Component:  Users          |     Version:  trunk
 Severity:  normal         |  Resolution:
 Keywords:  has-patch      |     Focuses:  administration, coding-standards
  2nd-opinion              |
---------------------------+-----------------------------------------------

Comment (by rudlinkon):

 Replying to [comment:7 peterwilsoncc]:
 > My inclination is to add the escaping as a defensive coding measure.
 >
 > While the variables are set to values that do not require escaping
 > currently, this may change in the future so it would be good to protect
 > core contributors from their future selves.
 >
 > My personal approach is to escape anything that is a variable:
 >
 > {{{#!php
 > <?php
 > // Needs escaping
 > $attr = __( 'Attribute value' );
 > ?>
 > <div data-attr="<?php echo esc_attr( $attr ); ?>"></div>
 > <?php
 >
 > // Does not need escaping
 > ?>
 > <div data-attr="<?php echo __( 'Attribute value' ); ?>"></div>
 > }}}

 Thank you @peterwilsoncc for your valuable comment. Actually, I'm
 following the rules which you mentioned.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/57133#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
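
An added illustration of the defensive-escaping argument in the quoted comment, not code from the ticket or from WordPress core. `example_esc_attr()` is a hypothetical stand-in for `esc_attr()` built on `htmlspecialchars()` so the script runs without WordPress loaded, and both sample values are constructed.

```php
<?php
// Stand-in for WordPress's esc_attr() so this runs without WordPress loaded
// (assumption: like the real function, it encodes quotes and angle brackets).
function example_esc_attr( string $text ): string {
	return htmlspecialchars( $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
}

// Template as first written: the variable is echoed raw because its value is "known safe".
function render_raw( string $attr ): string {
	return '<div data-attr="' . $attr . '"></div>';
}

// Same template with escaping applied at the point of output.
function render_escaped( string $attr ): string {
	return '<div data-attr="' . example_esc_attr( $attr ) . '"></div>';
}

// Parse the markup and list the attribute names that ended up on the <div>.
function attribute_names( string $html ): array {
	$doc = new DOMDocument();
	$doc->loadHTML( $html, LIBXML_NOERROR | LIBXML_NOWARNING );
	$names = array();
	foreach ( $doc->getElementsByTagName( 'div' )->item( 0 )->attributes as $attribute ) {
		$names[] = $attribute->nodeName;
	}
	return $names;
}

// Constructed values: what the variable holds today, and what it could hold
// after a later change makes it filterable or request-derived.
$samples = array(
	'today'        => 'Attribute value',
	'after change' => 'x" data-injected="1',
);

foreach ( $samples as $label => $value ) {
	printf(
		"%-12s raw: [%s]  escaped: [%s]\n",
		$label,
		implode( ', ', attribute_names( render_raw( $value ) ) ),
		implode( ', ', attribute_names( render_escaped( $value ) ) )
	);
}
```

With today's value both templates produce a single `data-attr` attribute; once the value contains a double quote, only the escaped template still does.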

