Last active
July 1, 2023 08:54
-
-
Save kailoon/01fa8e95d2e910e666c6 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Escape all translations with | |
| */ | |
| __( ‘Some String’, ‘text-domain’ ); _e( ‘Some string’, ‘text-domain’ );. | |
| /** | |
| * When there is no HTML use: | |
| */ | |
| esc_html__( ‘Some String’, ‘text-domain’ ); esc_html_e( ‘Some String’, ‘text-domain’ ); | |
| /** | |
| * For some HTML: | |
| */ | |
| wp_kses( __( ‘Some String something’, ‘text-domain’ ), $allowed_html_array ); |
- All theme text strings are to be translatable and properly escaped. https://gist.github.com/kailoon/01fa8e95d2e910e666c6 example(s) from your code and there are more: https://envato.d.pr/fWcY4T
@kailoon could you explain for me clear more about this point. What's it wrong?
Envato required using function esc_html__() inserted __()?
Exactly, We can not use (), Only verify esc_html()
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
No, I can't, because the result will be the same. The problem is that escaping cannot be double. If it happens in a JS application, then you shouldn't escape texts in PHP.
Are you familiar with React, Vue or Svelte? In these frameworks, text values are rendered exactly as texts, and to render html, you need to use special syntax. Thus, you cannot escape texts in PHP because they will appear escaped on the page.
Please look at this example:
https://svelte.dev/repl/12ead03462944e4f9b2811025d37075a?version=3.49.0
It displays 2 strings, the first one with untouched text, the second one after being processed by
esc_html()on the PHP side. It is clear that in the second case, we get the wrong result due to redundant escaping in PHP.