Documentation for all the whitelist comments #446
Comments
Previously: #361
Related: #228
Note also that I've proposed a way to standardize these whitelisting comments in a model following JSCS, as opposed to our current ad hoc system: squizlabs/PHP_CodeSniffer#604
Example:
echo $do_you_trust_me; // @codingStandardsIgnoreLine WordPress.XSS.EscapeOutput
Uses of There are two more to add to your list from the direct database query sniff:
The reason that these don't use
Note also: there is a wiki, and you are welcome to contribute to it. 😄
Thanks @johnbillion. I've added a section cautioning against overuse, and explaining how to refactor the example to actually fix it without adding the whitelisting flag.
It's difficult to determine which whitelist comments (eg. WPCS: sanitization ok) are available to use. These should be documented, and it would be good if the documentation recommended a standard format such as // WPCS: sanitization ok.
Here's the list I have. Are there more?
XSS
sanitization
CSRF
loose comparison
override
input var
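An added example, not part of the original issue or of the WPCS project's code: a small Python audit script that lists the whitelist comments in a PHP file so that suppressions can be reviewed for overuse. It assumes the `WPCS: <flag> ok` format quoted in the issue and, as a further assumption, accepts comma-separated flags and the spelling `okay`; `KNOWN_FLAGS`, the function names and the sample input are constructed for illustration.

```python
import re
from collections import Counter

# Flags listed in the issue above; anything else is reported as unknown.
KNOWN_FLAGS = {"xss", "sanitization", "csrf", "loose comparison",
               "override", "input var"}

# Assumed shape: "WPCS: <flag> ok[, <flag> ok ...]" in a //, # or /* */ comment.
WPCS_COMMENT = re.compile(
    r"(?://|#|/\*)\s*WPCS:\s*(?P<body>[^\n]*?)\s*(?:\*/|$)", re.IGNORECASE)
FLAG = re.compile(r"\s*(?P<flag>[a-z ]+?)\s+ok(?:ay)?\.?\s*$", re.IGNORECASE)


def find_whitelist_comments(php_source):
    """Return (line_number, flag, is_known) for every whitelist flag found."""
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        match = WPCS_COMMENT.search(line)
        if not match:
            continue
        # One comment may carry several flags separated by commas.
        for part in match.group("body").split(","):
            flag_match = FLAG.match(part)
            if flag_match:
                flag = flag_match.group("flag").lower()
                findings.append((lineno, flag, flag in KNOWN_FLAGS))
    return findings


def summarize(findings):
    """Count suppressions per flag so reviewers can spot overuse."""
    return Counter(flag for _, flag, _ in findings)


# Constructed sample input, not taken from any real plugin or theme.
SAMPLE = """<?php
echo $title; // WPCS: XSS ok.
$id = $_POST['id']; // WPCS: CSRF ok, sanitization ok, input var ok.
if ( $a == $b ) { /* WPCS: loose comparison ok */ }
echo esc_html( $title ); // escaped, so no whitelist comment is needed
echo $raw; // WPCS: example flag ok
"""

if __name__ == "__main__":
    for lineno, flag, known in find_whitelist_comments(SAMPLE):
        status = "known" if known else "UNKNOWN FLAG"
        print(f"line {lineno}: {flag} ({status})")
```

Each reported line is a place where a sniff was silenced by hand, so it is a candidate for the refactoring mentioned in the thread rather than a whitelist comment.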