Joy
(@joyously)
Because they echo and there is no way for the theme to escape it. I suppose they could use a filter, but they shouldn’t have to.
Hi Joy,
You mean something like it’s done in twenty twenty ( echo wp_kses_post( $archive_title ); )?
Could you please explain a bit more detailed, why you think that this is not necessary?
Joy
(@joyously)
I didn’t say it’s not necessary. I said the core function does the echo, so the theme can’t (without a filter).
If you want, you can open a ticket so that the core functions that echo also do the escaping. https://core.trac.wordpress.org/
I get your point, however, wouldn’t it be better not to use these functions, as long as they echo without escaping and instead use get_the_archive_title() and get_the_archive_description(), directly and escape the output (Like it is done e.g. in twenty twenty)?
Joy
(@joyously)
Thanks for creating the ticket! https://core.trac.wordpress.org/ticket/51611
No, not really better, since the theme guidelines say to “use core functionality if it exists”. It makes a more consistent product.
I understand – this makes sense.
Thank you!
There was no reaction on the ticket https://core.trac.wordpress.org/ticket/51611 until now. Because it’s my first ticket there, I ask myself what I’ve done wrong? Did I make a mistake in the ticket creation or is my question not worth answering?
Joy
(@joyously)
No, nothing wrong, but note that the ticket is number 51611. Only some of those are closed, the rest are waiting. There are a lot of contributors, but it is a weekend, and so the time to get a response is quite variable. There is a small team of people that try to evaluate each new ticket.
Some tickets wait for years before the right person comes along with the time and the determination to get a fix in. The Beta for WP 5.6 has just come out, so no more enhancements can be added to 5.6 (fixes only, until release).
That’s good to know. Thank you for the detailed explanation!
