Please stop misusing and giving soft rejections in the name of sanitisation

I have several complaints about the abuse of sanitization. I guess when a reviewer sees _e(), _x(), __(), they give it a soft rejection without any hesitation. Why?

Say:

    register_nav_menus( array(
        'primary' => __( 'Primary', 'theme' ),
        'tophead' => __( 'Top Header', 'theme' ),
    ) );

I must say the reviewer gives a soft reject, citing that you have a sanitization error. I ask you, by any means, is there any chance of malicious code here, or did I inject any HTML tag? The same thing goes for _x(), _e(). Yes, you can give a rejection if I write _($var, 'theme'); here the $var is unknown or variable, so I must use esc_html().

A similar thing happens if a reviewer sees admin_url() or site_url() or home_url(): they say you must use esc_url to sanitise. But those functions output constants. Is there any chance that admin_url() will output siteurl/admin? I don't know. Yes, it may happen only if WordPress goes mad.

They even suggest following https://gist.github.com/emiluzelac/32d53ab85c05cda846ad61590588a7bb
It clearly says there that if there is an HTML tag then use esc_html_(). So without any HTML tags, how come it is a soft reject?

Please stop this.

That’s not true. They’re really good, and most of them are helpful too.

I had similar issues
https://forums.envato.com/t/sanitize-everything-rule-nonsense-but-item-rejected?source_topic_id=127074

esc_html() does two things:

Checks for invalid UTF8 in a string.
Converts a number of special characters into their HTML entities

Using it instead of __(), _e and other i18n functions protects your website from possible errors that can occur with unaware translators who may use text that contains invalid UTF8 characters or unwanted HTML code.
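
What the reply above describes, as an added example that is not part of the thread or of WordPress itself: demo_translate() and demo_esc_html() are hypothetical stand-ins for __() and esc_html() so the script runs without WordPress loaded, and the catalog entries are constructed.

```php
<?php
// Stand-in for __(): returns whatever the loaded translation catalog
// holds for the source string, or the source string if none exists.
function demo_translate(string $text, array $catalog): string {
    return $catalog[$text] ?? $text;
}

// Stand-in approximating the two steps listed above for esc_html():
// (1) discard a string that is not valid UTF-8,
// (2) convert HTML special characters into entities.
function demo_esc_html(string $text): string {
    if (preg_match('//u', $text) !== 1) {
        return ''; // invalid UTF-8: emit nothing rather than broken bytes
    }
    // Last argument false = do not double-encode existing entities.
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8', false);
}

// Constructed catalog: what a theme could receive from a translation file.
$catalog = [
    // Ordinary translation, no special characters.
    'Primary'    => 'Principal',
    // A translator pasted markup into the entry.
    'Top Header' => 'Cabecera superior <script>alert(1)</script>',
    // An entry saved with a broken byte sequence (not valid UTF-8).
    'Footer'     => "Pie de pagina \xC3\x28",
];

foreach (array_keys($catalog) as $source) {
    // The source literal in the theme is fixed; the value returned
    // by the translation lookup is not.
    $raw     = demo_translate($source, $catalog);
    $escaped = demo_esc_html($raw);

    printf("source : %s\n", $source);
    printf("  raw    : %s\n", $raw);
    printf("  escaped: %s\n", $escaped === '' ? '(empty string)' : $escaped);
    printf("  changed: %s\n\n", $raw === $escaped ? 'no' : 'yes');
}
```

The ordinary translation passes through unchanged, the entry with markup comes out as inert entities, and the entry with invalid UTF-8 is dropped to an empty string.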