Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
* Escape all translations with
__( ‘Some String’, ‘text-domain’ ); _e( ‘Some string’, ‘text-domain’ );.
* When there is no HTML use:
esc_html__( ‘Some String’, ‘text-domain’ ); esc_html_e( ‘Some String’, ‘text-domain’ );
* For some HTML:
wp_kses( __( ‘Some String something’, ‘text-domain’ ), $allowed_html_array );

This is still valid for 95% uses, right ? Even if there is no html.

__( ‘Some String’, ‘text-domain’ );

esc_html__ should be used only when the authors intention is to remove HTML, not because it would be an Envato requirement, right ?

I'll just leave this for other authors receiving this reject reason:

All strings must be escaped with esc_html__

Have a look here:

The new standard is: __() and _e() can only be used if you wrap them in wp_kses()

dtbaker commented Oct 23, 2016

Heya @kailoon what tools do you use to find these issues in themes? I have tried both theme-check and phpcs but they do not highlight un-translated text like <p>Untranslated text:</p>? Do you have your own script or another "theme check" tool that will find something like this?


aliaghdam commented Oct 25, 2016

@kailoon What about when we are storing data into array ( for example in frameworks and options panels ) and printing them when needed.

$filed = array( 'name' => __( 'Homepage', 'textdomain' ), 'type' => 'input', );

// somewhere else

<h1><?php esc_html__( $filed['name'], 'textdomain' ); ?></h1>

Are you sure we should 'escape late' just in printing like my example? and not inside the main array? but they are rejecting our theme for this:

They are forcing us to escape twice but that is not needed and makes theme slow for nothing!

xperter commented Jan 9, 2017

@dtbaker I have tried with Regex but not working :/


kailoon commented Mar 2, 2017

@dtbaker Sorry, I just check them manually ...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment