I set up CodeSniffer in VS Code tonight for the first time using the WP Coding Standards as well as the included codesniffer config file.
One error it threw was in header.php, line 28: "All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'."
The error was referring to the following line of code:
<button aria-label="<?php _e( 'Main Menu', 'foundationpress' ); ?>" class="menu-icon" type="button" data-toggle="<?php foundationpress_mobile_menu_id(); ?>"></button>
Or is there a specific reason for using _e() instead? I'm not a WP expert, so it's entirely possible I'm overlooking something. I'd be glad to submit a PR if appropriate. Thanks!
I set up CodeSniffer in VS Code tonight for the first time using the WP Coding Standards as well as the included codesniffer config file.
One error it threw was in header.php, line 28: "All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'."
The error was referring to the following line of code:
<button aria-label="<?php _e( 'Main Menu', 'foundationpress' ); ?>" class="menu-icon" type="button" data-toggle="<?php foundationpress_mobile_menu_id(); ?>"></button>
After a quick Google of the issue, it looks like esc_attr__() may be more appropriate for returning a translated attribute value. This was added by @aldavigdis in this commit.
Or is there a specific reason for using _e() instead? I'm not a WP expert, so it's entirely possible I'm overlooking something. I'd be glad to submit a PR if appropriate. Thanks!