Soft reject: All strings should be escaped with esc_html__() not __() but!

Envato Authors Theme Authors
1

New theme requirement: We should escape all strings with esc_html__() and only use __() when the wp_kses() is used! ok no problem!

https://gist.github.com/kailoon/01fa8e95d2e910e666c6
https://developer.wordpress.org/themes/functionality/internationalization/#escaping-strings

But when we use option panels, we save all options into array and pass it to the generator to do more with less! and we know strings should ‘escaped late’.

for example:

$filed = array(
	'name'  => __( 'Homepage', 'better-studio' ),
	'type'  => 'group',
	'state' => 'close',
);

// somewhere else

<h1><?php esc_html__( $filed['name'], 'textdomain' ); ?></h1>

But the reviewers are rejecting our theme because they say we should escape the array and also we should escape it in printing ( because they search ‘echo $’… )! There is no need to first escaping! http://envato.d.pr/oWR7/xLctXoDy

Any idea how we should fix this with reviewers?

2

Just explain it to the reviewer and show them the example with exact line numbers, it should be enough :slight_smile:

3

Yes you should escape it or else your item won’t get accepted :slight_smile:

'name'  => esc_html__( 'Homepage', 'better-studio' ),
<h1><?php echo esc_html( $filed['name'] ); ?></h1>
4

Yes i did and my theme was approved :slight_smile:

5

No thats not needed! i created a bench mark on my code with that two escape and that makes theme 0.03ms slower!
We care speed :sweat_smile: and our theme was approved today.
Thanks for reply.

6

ic… congrats on your new theme… good luck on sales :slight_smile:

7

Thanks :blush:

8

Your new theme is awesome, good luck with more sale :tada:

1 Like
9

Thanks :slight_smile: