David Biňovec

icon indicating a website link http://david.binda.cz icon indicating an email [email protected]

icon company @Automattic @wpcomvip icon location Prague, Czech Republic icon location Developer at Automattic / WordPress.com

Results 12 comments of David Biňovec

scan-theme CLI command hides errors without lines

@rmccue thank you for ticketing this. I was just about to look into this issue but can not reproduce it. (I was testing it agains random themes). Could you, pls,...

Check for escaping l10n functions

@gudmdharalds could you look into this?

Filename is missing from many errors

@gudmdharalds could you look into this?

Block Widgets: Lost Widgets after viewing widgets.php

I have a patch for review & testing in D69021-code . Would appreciate some eyes and testing on it, before deploying.

flag esc_* inside <script> tag

We could check via sniff whether there is an open HTML attribute prior `esc_js`, and if not, it's in 99% of cases wrongly used function.

flag esc_* inside <script> tag

Some more context also containing code examples can be found here: https://vip.wordpress.com/documentation/vip-go/vip-code-review/javascript-security-best-practices/#escaping-dynamic-javascript-values Some other examples can be found in comments in the WordPress documentation for the `esc_js` function: https://developer.wordpress.org/reference/functions/esc_js/ `esc_js`...

Ensure that the closing brace is properly aligned

> There is another sniff - which IIRC is included in WPCS - which checks the closing brace. Oh, it does not seem to kick-in then :) Also, I might...

Ensure that the closing brace is properly aligned

Thank you for following up!

include `url(' . esc_url_raw()` to proper escaping function sniff

Good point @westonruter , thanks ! I'll poke around more before acting on this.

include `url(' . esc_url_raw()` to proper escaping function sniff

Hey @GaryJones ! Again, sorry for not being clear. I meant that we should be catching stuff like this: ```