#49535 closed defect (bug) (wontfix)
Twenty Twenty: 404.php
| Reported by: |
fahimmurshed
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | 5.4 |
| Component: | Bundled Theme | Keywords: | |
| Focuses: | Cc: |
Description
twentytwenty/404.php
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'
Attachments (1)
Change History (3)
#1
@
4 years ago
- Focuses coding-standards removed
- Keywords has-patch removed
- Milestone Awaiting Review deleted
- Resolution set to wontfix
- Status changed from new to closed
For core and its default themes, translations are inherently trusted because of various checks, including a review process for translations. This has been mentioned before in https://core.trac.wordpress.org/ticket/30724#comment:8 so I'm going to close this as wontfix.
#2
@
4 years ago
Thanks for the ticket and the patch!
Core translations (including bundled themes) are considered safe because we have a review process for them, see #42639 and the discussion in #30724. (Also related: #32233.) Not all of Theme Check suggestions apply here.
In WordPress core and bundled themes, strings are generally only escaped in attributes or in <option> tags.
Patch