It turns out, that from now on, it’s a best practice to escape with
esc_html__() instead of simply doing
__() in your plugins and themes.
Replacing everything with
esc_html() is a solution, but what about the
__() in your code that already contain some minor code ( like a few wrapping spans here and there ) ?
Here is what I did:
- Search and replace every
Then find all the esc_html functions that have HTML in them
That’s going to show you all the
esc_html_e() that contains a “<” or “>” somewhere within. I use phpStorm to perform the search, and the above Regex works just fine for me.
- Adjust your code so that the string no longer requires inline HTML
That’s it. You’re no longer a robot that has to manually go over each internationalized string.