Hey just wondering if anyone else is escaping translated text in their themes? This was in the feedback I received in a soft reject:
It looks like internationalized text strings are not being escaped:
__( 'String', ‘text-domain’ ); _e( 'String', ‘text-domain’ );
UPDATE your theme to use the following:
esc_html__( 'String', 'text-domain' ); esc_html_e( 'String', ’text-domain' );
wp_kses( __( 'String <strong>something</strong>', 'text-domain' ), $allowed_html_array );
It’s possible for translators to sneak HTML and JS into translation files or even just inadvertently mess something up. So, it’s good practice to simply escape them.
But I notice in twentysixteen this additional level of escaping was recently removed:
So are we safe to just use
__('foo','bar'); in our themes or do we have to escape all translations?