Make nav menu names translatable #1000

Merged 1 commit, Jun 19, 2017

Conversation

@Aetles (Contributor) commented Jun 5, 2017

Making the nav menu names translatable. The reason for using esc_html__() is explained here.

@olefredrik (Owner)

We are using _e for translatable strings elsewhere in the theme. I was not aware that using esc_html__ was better. If we're switching to esc_html__, wouldn't it make sense to update the rest of the theme as well to use this? I guess the existing language files will not be affected by this?

@Aetles (Contributor, Author) commented Jun 7, 2017

Yes, I think that would be better.

To be honest, I wasn't aware of it either, but I saw that Underscores was using it (just like in the Stack Overflow question) and they generally have good reasons for what they use in Underscores (actually there are some cases, like this, where they use the ordinary __() but then escape it with wp_kses() instead).

According to the SO answer above, it seems like a good thing to consider language files to be an untrusted source (both for XSS and just generally bad markup). That is also what this answer says:

esc_html_e() and esc_html__() are similar, but they are used for strings that do contain markup. They each escape the provided string, and then call on their corresponding _e() or __() counterparts depending on which one you use.

Escaping HTML is necessary if you're accepting strings provided from user input. XSS attacks are probably the most common types of attacks on sites that accept user input and render it on the page. An attacker can easily provide <script> tags and execute arbitrary Javascript on your page if the input is not properly cleaned or escaped.

So, unless anyone else has a reason not to, I think it's a good thing to switch all __() and _e() to esc_html__() and esc_html_e().

@Aetles (Contributor, Author) commented Jun 13, 2017

(Btw, the reason Underscores sometimes uses __() but then escapes it with wp_kses() is when there is HTML in the string and thus they cannot use esc_html__().)
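The two patterns discussed in the Jun 7 and Jun 13 comments, shown side by side as an added example (not code from this pull request, FoundationPress or Underscores): esc_html__() for plain translatable strings such as nav menu names, and __() followed by wp_kses() when the string legitimately contains markup. The translation table, menu names and the 'demo-theme' text domain are constructed for the demonstration; the stub definitions of __(), esc_html(), esc_html__() and wp_kses() are simplified stand-ins so the file runs outside WordPress (PHP 7.4+), and are skipped when the real functions exist.

```php
<?php
// Added example, not code from the pull request, FoundationPress or
// Underscores. Demonstrates why a string read from a language file is
// escaped before output, and the two escaping patterns from the thread.
//
// The stubs below are constructed stand-ins so this runs outside WordPress
// (PHP 7.4+). Inside a theme the real __(), esc_html__() and wp_kses() apply.

if (!function_exists('__')) {
    // Constructed "language file": one well-behaved translation and one that
    // has been tampered with. Language files are treated as untrusted input.
    $GLOBALS['demo_translations'] = [
        'Top Bar'     => 'Toppmeny',
        'Mobile Menu' => 'Mobilmeny <script>alert(1)</script>',
        'Read %s'     => 'Läs <em>%s</em>',
    ];

    function __($text, $domain = 'default') {
        return $GLOBALS['demo_translations'][$text] ?? $text;
    }

    function esc_html($text) {
        return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    }

    function esc_html__($text, $domain = 'default') {
        return esc_html(__($text, $domain));
    }

    // Simplified allow-list filter: keeps only the tags named in $allowed
    // (the real wp_kses() also filters attributes and protocols).
    function wp_kses($text, $allowed) {
        return strip_tags($text, array_keys($allowed));
    }
}

// Pattern 1: plain strings. register_nav_menus() labels are rendered in the
// admin UI, so each name is translated and HTML-escaped in a single call.
function demo_nav_menu_names() {
    return [
        'top-bar'     => esc_html__('Top Bar', 'demo-theme'),
        'mobile-menu' => esc_html__('Mobile Menu', 'demo-theme'),
    ];
}

// Pattern 2: the string carries markup, so esc_html__() would mangle it.
// Translate, escape the inserted value, then pass the result through an
// allow-list of tags instead of escaping everything.
function demo_read_more_label($title) {
    $allowed = ['em' => []];
    $html = sprintf(__('Read %s', 'demo-theme'), esc_html($title));
    return wp_kses($html, $allowed);
}

// Contrast: what reaches the page with and without escaping when the
// translation has been tampered with.
function demo_compare() {
    return [
        'unescaped' => __('Mobile Menu', 'demo-theme'),
        'escaped'   => esc_html__('Mobile Menu', 'demo-theme'),
    ];
}

foreach (demo_nav_menu_names() as $location => $name) {
    echo "$location => $name\n";
}
print_r(demo_compare());
echo demo_read_more_label('Home <b>page</b>'), "\n";
```

With the constructed table, the 'unescaped' entry of demo_compare() carries the script tag through to the output unchanged, while the 'escaped' entry turns the angle brackets into entities; demo_read_more_label() keeps the translator's <em> but neutralises the <b> inside the inserted title, which is the reason Underscores falls back to __() plus wp_kses() only where markup in the string is intended.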

@olefredrik (Owner)

I'll merge this for now and we can convert _e to esc_html__ for the rest of the translatable strings at a later time.

@olefredrik olefredrik merged commit 1816517 into olefredrik:master Jun 19, 2017