Hello,
My item got rejected because of the “sanitize everything” rule.
This is the scenario:
I have a class, let’s call it Layout, which has some methods that simply generate some re-usable templates, without including template parts (so far fewer requests are done).
In my template files I do
<?php echo Layout::titleBlock() ?>
But this titleBlock method already sends sanitized output:
return esc_attr('__String__'); // escaped before it is returned
No filters are being applied, no actions are being done. It simply returns a (sanitized) string.
The reviewer told me that I need to re-sanitize echo Layout::titleBlock().
This is nonsense. It simply generates useless function calls, and considering PHP’s speed, it’s just really unneeded.
I understand that for reviewers it is much easier to check if every “echo” is done via a WP built-in function, but I have thousands of places where I use this kind of output (small, re-usable elements).
Why should I sanitize one text a million times over the theme, if I can sanitize it once and use it everywhere?
As I said, this text doesn’t get filtered through some filters, nor are actions being applied. It’s just plain text that is being sent and echoed.
What should I do? There are really a lot of places where I use this way of outputting.
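As an added example (not code from the post above or from WordPress), the following contrasts the post's pattern, escaping inside the helper, with escaping at the echo site ("late escaping"). The esc_html(), esc_attr() and esc_url() stand-ins are assumptions that only approximate the WordPress functions so the file runs on its own; the Layout classes, method names and the sample title are constructed for illustration.

```php
<?php
// Stand-ins for the WordPress escaping functions, defined only when the real
// ones are absent so this file runs outside WordPress. They approximate, not
// reproduce, the originals (assumption).
if (!function_exists('esc_html')) {
    function esc_html(string $text): string {
        return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    function esc_attr(string $text): string {
        return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    function esc_url(string $url): string {
        // Keep only http(s) URLs, then encode for an attribute context.
        if (!preg_match('#^https?://#i', $url)) {
            return '';
        }
        return htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Constructed sample standing in for dynamic data such as a site title.
const SAMPLE_TITLE = 'Tom & Jerry <"Classics">';

// Pattern from the post: the helper escapes, the template echoes the result.
// At the echo site this string is indistinguishable from an unescaped one,
// and escaping it again double-encodes ("&amp;amp;") and breaks the markup.
final class LayoutPreEscaped {
    public static function titleBlock(): string {
        return '<h1 class="title">' . esc_html(SAMPLE_TITLE) . '</h1>';
    }
}

// Late escaping: helpers return data, templates escape for the context they
// actually print into, so every echo can be checked on its own line.
final class Layout {
    public static function title(): string {
        return SAMPLE_TITLE;
    }
    public static function searchLink(string $query): string {
        // A query value must be URL-encoded before the URL is placed anywhere;
        // the attribute-context escaping happens separately at the echo site.
        return 'https://example.com/?s=' . rawurlencode($query);
    }
}

function renderLateEscaped(): string {
    $title = Layout::title();
    // Same data, three contexts, three escapers chosen where the output happens.
    $out  = '<h1 class="title">' . esc_html($title) . '</h1>' . "\n";
    $out .= '<a href="' . esc_url(Layout::searchLink($title)) . '"'
          . ' title="' . esc_attr($title) . '">search</a>';
    return $out;
}

// 1. Helper-escaped output, echoed as-is (the post's approach).
echo LayoutPreEscaped::titleBlock(), "\n";
// 2. The same helper re-escaped at the echo site: tags become text and the
//    ampersand is double-encoded.
echo esc_html(LayoutPreEscaped::titleBlock()), "\n";
// 3. Late escaping: each echo escapes once, for its own context.
echo renderLateEscaped(), "\n";
```

Run with php on the command line. Output 2 shows why escaping twice is a correctness problem, not just wasted CPU: `<h1>` arrives as `&lt;h1&gt;` and `&` as `&amp;amp;`. Output 3 shows what a reviewer gains from escaping at the echo site: the helper returns data, and whether that data lands in HTML text, an attribute or a URL decides the escaper, a choice a helper that returns pre-escaped text cannot make for every caller.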