Standardizing and shortening the WP security escaping functions.
attribute_escape() is now esc_attr()
Additionally, you can do attribute escaping and translation in one go. Just add the translation function to the end. Like so:
esc_attr__() — translate and return, attribute-escaped.
esc_attr_e() — translate and echo, attribute-escaped.
Will be following up with esc_html (with __() and _e() variants), esc_url(), maybe some more. Will be nice, short, predictable, and allow you to translate/escape in one go without a lot of nested parentheses.
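The nested form next to the combined helpers described in the post, as an added example that is not part of the original post or of WordPress itself. The `myplugin_` function names, the `my-plugin` text domain and the sample translation are assumptions, and the stand-in definitions are simplified substitutes used only when the file runs outside WordPress.

```php
<?php
// Stand-ins so this file also runs with plain `php` outside WordPress.
// They are simplified substitutes, not WordPress's own implementations.
if ( ! function_exists( '__' ) ) {
    function __( $text, $domain = 'default' ) {
        // Constructed translation that contains a double quote.
        $fake = array( 'Search this site' => 'Rechercher "ici"' );
        return isset( $fake[ $text ] ) ? $fake[ $text ] : $text;
    }
    function esc_attr( $text ) {
        return htmlspecialchars( $text, ENT_QUOTES, 'UTF-8' );
    }
    function esc_attr__( $text, $domain = 'default' ) {
        return esc_attr( __( $text, $domain ) );
    }
    function esc_attr_e( $text, $domain = 'default' ) {
        echo esc_attr__( $text, $domain );
    }
}

// Translation placed in the attribute without escaping: a quote in the
// translated string ends the title attribute early.
function myplugin_field_raw() {
    return '<input type="text" name="s" title="'
        . __( 'Search this site', 'my-plugin' ) . '" />';
}

// Translate, then escape, with nested calls.
function myplugin_field_nested() {
    return '<input type="text" name="s" title="'
        . esc_attr( __( 'Search this site', 'my-plugin' ) ) . '" />';
}

// Translate and escape in one call; same markup as the nested form.
function myplugin_field_combined() {
    return '<input type="text" name="s" title="'
        . esc_attr__( 'Search this site', 'my-plugin' ) . '" />';
}

echo myplugin_field_raw(), "\n";
echo myplugin_field_nested(), "\n";
echo myplugin_field_combined(), "\n";
?>
<input type="submit" value="<?php esc_attr_e( 'Search', 'my-plugin' ); ?>" />
```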
Viper007Bond 5:04 am on May 6, 2009 Permalink
An esc_js() or whatnot might be useful too (i.e. an improved js_escape()) (see #7648).
Mark Jaquith 5:58 am on May 6, 2009 Permalink
Yes, I meant to include that in the list of “coming soon” ones. Though js_escape() would continue to work, as would attribute_escape() and wp_specialchars().
Improvements to esc_js() née js_escape() are a separate issue — I’ll take a look at that ticket.
WordPress News: BuddyPress News, WordPress 2.8 News, WordCamp Toronto & Virginia, WordPress.tv Feeds, and More | The Blog Herald 11:02 pm on May 7, 2009 Permalink
[...] Security Escaping Functions: Standardizing and shortening the WP security escaping functions should improve security and Plugin [...]
Leandro Vieira Pinho 3:11 am on May 9, 2009 Permalink
Why not escape_attr rather than esc_attr? Writing escape is more intuitive than esc.