Output of translatable string in plugins

  • Hi guys,

    I normally just use _e() and not esc_html_e().
    Is it really necessary to use the escaped version for all strings throughout my plugin(s)?
    I am somewhat comfortable with seeing translation files as being a secure source!?

Viewing 1 replies (of 1 total)
  • Moderator bcworkz


    Did you do the translation yourself? No? Then it’s not secure 🙂 To be fair, the folks who do translations are really awesome and I cannot imagine any of them would do anything nefarious. All the same, it’s possible for a bad actor to infiltrate our ranks. Better safe than sorry.

    (I had the same question when I was learning about sanitation)
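
The difference between `_e()` and `esc_html_e()` discussed in this thread, as an added example that is not part of the original posts. It assumes it is loaded as a small test plugin inside WordPress; the `demo-plugin` text domain, the sample string and the `gettext` filter standing in for an untrusted translation file are all constructed for illustration.

```php
<?php
/**
 * Plugin Name: Translation escaping demo (added example, hypothetical)
 */

// Constructed stand-in for an untrusted .mo entry: the 'gettext' filter swaps the
// translation of one string in the hypothetical 'demo-plugin' text domain.
add_filter( 'gettext', function ( $translation, $text, $domain ) {
    if ( 'demo-plugin' === $domain && 'Settings saved.' === $text ) {
        return 'Settings saved.<script>/* constructed marker */</script>';
    }
    return $translation;
}, 10, 3 );

add_action( 'admin_notices', function () {
    echo '<div class="notice notice-info"><p>';
    // Unescaped: markup carried by the translation reaches the page as live HTML.
    _e( 'Settings saved.', 'demo-plugin' );
    echo '</p><p>';
    // Escaped for an HTML text context: the same markup is rendered as inert text.
    esc_html_e( 'Settings saved.', 'demo-plugin' );
    echo '</p>';

    // Inside an attribute value, use the attribute-escaping variant instead.
    printf(
        '<input type="submit" value="%s" />',
        esc_attr__( 'Settings saved.', 'demo-plugin' )
    );

    // When the output needs markup, keep the tags in code and escape only
    // the translated part...
    printf(
        '<p><a href="%s">%s</a></p>',
        esc_url( admin_url( 'options-general.php' ) ),
        esc_html__( 'Settings saved.', 'demo-plugin' )
    );

    // ...or pass the translation through wp_kses() with an explicit tag list.
    echo wp_kses(
        __( 'Settings saved.', 'demo-plugin' ),
        array( 'strong' => array(), 'em' => array() )
    );
    echo '</div>';
} );
```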
