I have several complain about abuse of sanitization . I guess when a reviewer saw _e(), _x(),__() they without any hesitation give that a soft rejection, Why?
Say
register_nav_menus( array(
‘primary’ => __( ‘Primary’, ‘theme’ ),
‘tophead’ => __( ‘Top Header’, ‘theme’ ),
) );
I must say reviewer gives soft reject citing you have sanitization error, I ask you by any means is there any chance of malicious code here or did I inject any html tag? The samething for _x(),_e . Yes you can give rejection I write _($var,‘theme’) , here the $var is unknown or variable so I must use esc_html().
The similar thing happen if reviewer see admin_url() or site_url() or home_url(), they say you must use esc_url to sanitise . But those function output constant . Is there any chance that admin_url() will output siteurl/admin , I don’t know . Yes it may happen if only if wordpress goes mad .
They even suggest to follow - https://gist.github.com/emiluzelac/32d53ab85c05cda846ad61590588a7bb
There is clearly said that if there is html tag then use esc_html_() . So without having any html tags howcome it is a soft reject.
Please stop this .
