This post is part of the sub-series on Internationalizing a ClassicPress plugin which is part of the Internationalizing a ClassicPress plugin series.
In the previous post, of this series, I explained what functions were available for use in internationalizing a plugin, but there is something you need to consider when deciding which one to use.
With security at the forefront, it is important to remember that you cannot trust translators as you do not know who the translator will be. As you don’t know them, you can’t be sure that they won’t add something malicious to the translated string. To protect against this, you need to treat the localized strings as you would any other untrusted input: by escaping them.
So instead of using the plugins at the top of the previous post, you should be using the ones at the bottom which escape the returned or echoed strings.
Translating a ClassicPress plugin
What should we write about next?
If there is a topic which fits the typical ones of this site, which you would like to see me write about, please use the form, below, to submit your idea.