Escaping hardcoded strings

  • Hi there
    Is there any specific reason why we should be escaping hardcoded strings?
    For example:
    echo esc_html__( 'There are no posts created yet', 'textdomain' );

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter marcinos06

    (@marcinos06)

    The reason I’m asking about this is that Theme Sniffer returns warning for this.

    Moderator bcworkz

    (@bcworkz)

    Not if there are no chars in the string that would need to be escaped. The WP code verifies valid UTF-8 encoding and escapes & < > " ‘ chars. If you are sure* neither applies to your string, then there is no point in escaping, it will not change anything.

    *However, you have no idea how your string might get translated, so your “hardcoded string” is in effect a variable in your example, so it should be run through an escape function.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Escaping hardcoded strings’ is closed to new replies.

Tags