Skip to content

Support when esc_xml() should be used #555

New issue
Jump to bottom
New issue
Jump to bottom
Open
Open
Support when esc_xml() should be used#555
Assignees
jrfnl
Labels
Standard: VIP-GoType: Enhancement
Milestone
 
3.x
@GaryJones

Description

@GaryJones
GaryJones
opened on Jul 27, 2020

What problem would the enhancement address for VIP?

esc_xml() is being introduced in WP 5.5.

It would be great if WordPressVIPMinimum.Security.ProperEscapingFunction sniff could recognise when an escaping function is being used (typically esc_html() up to now, but someone may have used an incorrect escaping function) in an XML context.

Describe the solution you'd like

Update the existing sniff.

Update our public docs to better clarify when esc_xml() should be used.

What code should be reported as a violation?

{Needs examples}

What code should not be reported as a violation?

{Needs examples}

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

Labels

Standard: VIP-GoType: Enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions