[wp-trac] [WordPress Trac] #63074: Automated Output Escaping Based on REST API Schema
WordPress Trac
noreply at wordpress.org
Fri Mar 7 11:44:17 UTC 2025
#63074: Automated Output Escaping Based on REST API Schema
--------------------------+-----------------------------
Reporter: codersantosh | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version:
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
Currently, the WordPress REST API provides robust schema definitions for
input validation and sanitization through data type, format,
sanitize_callback, and validate_callback within arg_options. However,
there is no equivalent mechanism for automatically escaping output based
on the defined schema.
This issue proposes two enhancements:
**Default Escape Feature:**
- Implement a default escaping mechanism that automatically applies
appropriate escaping functions to API responses based on the type and
format keywords defined in the schema.
**Introduce an escape_callback within arg_options of the schema, similar
to sanitize_callback and validate_callback.**
- This would allow developers to define custom escaping functions for
specific fields or data types, providing greater flexibility and control
over output escaping.
These enhancements would significantly improve the security and developer
experience of the WordPress REST API by providing a more comprehensive and
automated approach to data escaping.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63074>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list