Strange --> Data Validation issues have been found in your theme.

Hi there,
I need your help. Recently I got another soft rejection, and there is one step I don’t understand:

Data Validation issues have been found in your theme. All dynamic data must be correctly escaped for the context where it is rendered.
- All dynamic data must be escaped with esc_attr() before rendered in an html attribute.
- Whenever you are rendering a url to the screen its value must be passed through esc_url() first.
- If dynamic data is rendered inside an attribute that triggers a JavaScript event, it must be escaped with esc_js()

OK, that is clear, but the reviewer sent me a screenshot and it is very strange:
<?php echo vegablog_lang('string'); ?>
OK, but this function uses an array and every string is properly escaped with esc_html.
Now do I need to double escape this function? E.g. echo esc_html(function), and the string inside the function is escaped as well.
Is double escaping good? Thanks for your time. Have a nice day.

We had the same situation. Explaining that the not escaped data is a concatenation of previously escaped data did the job in our specific case. It depends on how exactly you are using the data and whether it creates a vulnerability or not.


So I need to explain to the reviewer that the not escaped data is a concatenation of previously escaped data? Thanks for your help👍
The function only uses this:
$vega_locals = array(
    'most_commented' => esc_html__('Most commented posts', 'vegablog'),
    'reply'          => esc_html__('Reply', 'vegablog'),
    'home'           => esc_html__('Home', 'vegablog'),
    // remaining entries not shown in the post
);
so I think it is not a problem.

Escaping should be done at the point of “echoing”, as it were; you should be escaping your data at the last possible moment for Envato Review Standards.

e.g: echo esc_html(function)


@tommusrhodus Perfect answer. Thanks a lot. Have a nice day👍
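
The late-escaping pattern from the last answer, as an added example that is not code from the thread or the theme. The names vegablog_lang_raw(), vegablog_the_label() and the 'demo' entry are hypothetical, and the shims at the top are stand-ins that only let the file run under plain `php` outside WordPress.

```php
<?php
// Added example, not the theme's code. The shims below are stand-ins so the
// file also runs under plain `php`; inside WordPress the core functions are used.
if ( ! function_exists( 'esc_html' ) ) {
    function __( $text, $domain = 'default' ) { return $text; }
    function esc_html( $text ) { return htmlspecialchars( $text, ENT_QUOTES, 'UTF-8', false ); }
    function esc_attr( $text ) { return htmlspecialchars( $text, ENT_QUOTES, 'UTF-8', false ); }
}

// Hypothetical variant of vegablog_lang(): returns raw translated strings and
// leaves escaping to the caller.
function vegablog_lang_raw( $key ) {
    $strings = array(
        'most_commented' => __( 'Most commented posts', 'vegablog' ),
        'reply'          => __( 'Reply', 'vegablog' ),
        'home'           => __( 'Home', 'vegablog' ),
        // Constructed entry standing in for a translation with special characters.
        'demo'           => __( 'Q&A "live" <beta>', 'vegablog' ),
    );
    return isset( $strings[ $key ] ) ? $strings[ $key ] : '';
}

// Late escaping: each value is escaped for its context in the output statement,
// so a reviewer can verify the line without opening vegablog_lang_raw().
function vegablog_the_label( $key ) {
    $label = vegablog_lang_raw( $key );
    printf(
        '<span class="vega-label" title="%s">%s</span>' . "\n",
        esc_attr( $label ), // HTML attribute context
        esc_html( $label )  // HTML text context
    );
}

vegablog_the_label( 'reply' );
vegablog_the_label( 'demo' );

// Wrapping a value that already went through esc_html(): existing entities
// are not encoded a second time, so the string is unchanged.
$once  = esc_html( vegablog_lang_raw( 'demo' ) );
$twice = esc_html( $once );
echo ( $once === $twice ) ? "double escape: unchanged\n" : "double escape: changed\n";
```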