plugin development – Why would you use esc_attr() on internal functions?


I see a lot of these in premium themes/plugins.

#1 – Why would you escape this? It’s your own data. For consistency?

function prefix_a() {
    $class_attr = "a b c";

    // Some more code.

    return '<div class="' . esc_attr( $class_attr ) . '">Content</div>';
}

// Called somewhere.

#2 – Again, why? The data doesn’t come from the DB.

function prefix_b( $class ) {
    // Some code.

    return '<div class="' . esc_attr( $class ) . '">Content</div>';
}

// Called by a developer from the team.
prefix_b( 'developer adds a class' );

Yes, a child theme developer might call the function above, but he/she is already in control.

user557108 2022-01-18T11:32:14-05:00
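Added example, not part of the original question and not WordPress core code: it runs the question's prefix_b() with and without escaping at output and parses both results, so the difference shows up only for a value that contains a quote. Assumptions: demo_esc_attr() is a hypothetical stand-in that approximates esc_attr() with htmlspecialchars(), the function names prefix_b_escaped(), prefix_b_raw() and div_attributes() are made up for the demo, and the third sample value is constructed.

```php
<?php
// Stand-in for WordPress's esc_attr() so the script runs outside WordPress.
// Assumption: it approximates core by encoding & < > " ' without double-encoding.
function demo_esc_attr( $text ) {
    return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8', false );
}

// The question's prefix_b(), once escaping at output and once not.
function prefix_b_escaped( $class ) {
    return '<div class="' . demo_esc_attr( $class ) . '">Content</div>';
}

function prefix_b_raw( $class ) {
    return '<div class="' . $class . '">Content</div>';
}

// Parse the markup with an HTML parser and list the attributes found on the <div>.
function div_attributes( $html ) {
    $doc = new DOMDocument();
    $doc->loadHTML( $html, LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD );
    $found = array();
    foreach ( $doc->documentElement->attributes as $attr ) {
        $found[] = $attr->name . '=' . json_encode( $attr->value );
    }
    return $found;
}

// Constructed sample values: the first two are the question's own strings,
// the third is a value that happens to contain a double quote.
$samples = array( 'a b c', 'developer adds a class', 'hero" data-extra="1' );

foreach ( $samples as $class ) {
    $escaped = prefix_b_escaped( $class );
    $raw     = prefix_b_raw( $class );
    echo 'input:    ' . $class . PHP_EOL;
    echo 'escaped:  ' . $escaped . PHP_EOL;
    echo '  parsed: ' . implode( ', ', div_attributes( $escaped ) ) . PHP_EOL;
    echo 'raw:      ' . $raw . PHP_EOL;
    echo '  parsed: ' . implode( ', ', div_attributes( $raw ) ) . PHP_EOL;
    echo 'same markup: ' . ( $escaped === $raw ? 'yes' : 'no' ) . PHP_EOL . PHP_EOL;
}
```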
