VIP-Coding-Standards icon indicating copy to clipboard operation
VIP-Coding-Standards copied to clipboard
verified publisher icon Automattic

Support when esc_xml() should be used

Open GaryJones opened this issue 5 years ago • 0 comments

What problem would the enhancement address for VIP?

esc_xml() is being introduced in WP 5.5.

It would be great if WordPressVIPMinimum.Security.ProperEscapingFunction sniff could recognise when an escaping function is being used (typically esc_html() up to now, but someone may have used an incorrect escaping function) in an XML context.

Describe the solution you'd like

Update the existing sniff.

Update our public docs to better clarify when esc_xml() should be used.

What code should be reported as a violation?

{Needs examples}

What code should not be reported as a violation?

{Needs examples}

GaryJones avatar Jul 27 '20 12:07 GaryJones