Escape translated strings #590

Open
andersnoren opened this issue Apr 25, 2024 · 1 comment

@andersnoren

If you save changes made to a PHP file (like a pattern) with text strings, CBT will output the text strings with the __() localize function, like so:

<!-- wp:heading {"level":1} -->
<h1 class="wp-block-heading"><?php echo __( 'Posts', 'cozy-grove' ); ?></h1>
<!-- /wp:heading -->

But according to the WordPress Developer Handbooks, all output should be run through an escaping function. If you run the code generated by CBT through PHP_CodeSniffer with the WordPress Coding Standard enabled, it gives you an error for the lines with the unescaped strings.

Maybe wp_kses_post(), like so:

<!-- wp:heading {"level":1} -->
<h1 class="wp-block-heading"><?php echo wp_kses_post( __( 'Posts', 'cozy-grove' ) ); ?></h1>
<!-- /wp:heading -->
@t-hamano
Contributor

I think the esc_html_e() function is the simplest.

<!-- wp:heading {"level":1} -->
<h1 class="wp-block-heading"><?php esc_html_e( 'Posts', 'cozy-grove' ); ?></h1>
<!-- /wp:heading -->
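
Added example, not part of the issue thread or of CBT's own code: a Python check that finds the `echo __()` output form quoted above in a pattern file and rewrites it with an escaping function chosen by output context. The function name `harden`, the sample pattern, and the use of `esc_attr_e()` for attribute values are assumptions of this example; `esc_html_e()` and `wp_kses_post()` are the two functions suggested in the thread.

```python
import re

# The output form quoted in the issue: <?php echo __( 'text', 'domain' ); ?>
# Assumption: the generator emits single-quoted literals only.
ECHO_L10N = re.compile(
    r"<\?php\s+echo\s+__\(\s*'((?:[^'\\]|\\.)*)'\s*,\s*'([^']*)'\s*\)\s*;\s*\?>"
)
PHP_TAG = re.compile(r"<\?php.*?\?>", re.S)

def harden(source):
    """Return (rewritten_source, [(line_number, context), ...])."""
    # Blank out PHP tags (same length) so their '<', '>' and quotes do not
    # confuse the HTML context check below.
    masked = PHP_TAG.sub(lambda m: " " * len(m.group()), source)
    findings = []

    def fix(m):
        text, domain, start = m.group(1), m.group(2), m.start()
        tag_open = masked.rfind("<", 0, start)
        # Inside an attribute value: an HTML tag is still open and an odd
        # number of double quotes has been seen since it opened.
        in_attr = (tag_open > masked.rfind(">", 0, start)
                   and masked.count('"', tag_open, start) % 2 == 1)
        if in_attr:
            context, call = "attribute", f"esc_attr_e( '{text}', '{domain}' );"
        elif "<" in text:
            # The string carries intended markup: keep allowed tags only.
            context = "markup"
            call = f"echo wp_kses_post( __( '{text}', '{domain}' ) );"
        else:
            context, call = "text", f"esc_html_e( '{text}', '{domain}' );"
        findings.append((source.count("\n", 0, start) + 1, context))
        return f"<?php {call} ?>"

    return ECHO_L10N.sub(fix, source), findings

# Constructed sample pattern: the heading is the one from the issue, the
# image and paragraph blocks are made up for this example.
SAMPLE = """<!-- wp:heading {"level":1} -->
<h1 class="wp-block-heading"><?php echo __( 'Posts', 'cozy-grove' ); ?></h1>
<!-- /wp:heading -->
<!-- wp:image -->
<figure class="wp-block-image"><img src="a.png" alt="<?php echo __( 'Forest path', 'cozy-grove' ); ?>"/></figure>
<!-- /wp:image -->
<!-- wp:paragraph -->
<p><?php echo __( 'Read <strong>more</strong>', 'cozy-grove' ); ?></p>
<!-- /wp:paragraph -->
"""
```

Calling `harden(SAMPLE)` returns the rewritten pattern together with the line number and context of each unescaped string, which is enough to drive a pre-commit check.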
