All dynamic data must be correctly escaped

wordpress

#1

Got a soft reject today, one of the reasons was a constantly repeating one:

All dynamic data must be correctly escaped for the context where it is rendered.

Would some one, preferably from Envato, please share the search pattern reviewers use to find unescaped text ?

Here is what I’ve tried with no results.

echo $
__
_e
echo "
echo '

Sure, I have some places where in the theme you can find echo $, but I’ve escaped that just a couple of lines above, or dynamically. Either there is some very smart search pattern that I’m missing, or there is something very dumb with the way code is reviewed these days. I’ve been as careful and explicit as possible with the code and escaping it, and I’m still seeing vague rejects for unescaped data. Not even a pointer to what kind of data isn’t escaped, as if the whole theme was unescaped…

Can somebody please share their workflow to fixing this ?