ProperEscapingFunctionSniff doesn't catch misuse of wp_json_encode #876

@iandunn

Bug Description

ProperEscapingFunctionSniff is a great addition to WPCS. It isn't comprehensive, though.

One specific example that I ran into is that it won't catch improper use of wp_json_encode() like it does with other functions.

Minimal Code Snippet

<!-- correctly flags esc_html as the wrong escaping function in this context -->
<img src=a onerror="<?php echo esc_html( $foo ); ?>" />

<!-- fails to catch that this is the wrong escaping function -->
<img src=a onerror="<?php echo wp_json_encode( $foo ); ?>" />

Error Code

WordPressVIPMinimum.Security.ProperEscapingFunction
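
The snippet above, as an added example that is not part of the original issue or of the sniff's code: it shows why JSON encoding alone does not fit a double-quoted attribute, next to a form that also escapes for the attribute. The `demo_*` functions are stand-ins so the script runs without WordPress (assumptions: `json_encode()` with default flags for `wp_json_encode()`, `htmlspecialchars()` with `ENT_QUOTES` for `esc_attr()`), and wrapping the JSON in `esc_attr()` is an assumed fix the issue itself does not state.

```php
<?php
// Stand-ins so this runs without WordPress (assumptions, not WordPress source):
// json_encode() with default flags approximates wp_json_encode(), and
// htmlspecialchars() with ENT_QUOTES approximates esc_attr().
function demo_wp_json_encode( $data ) {
	return json_encode( $data );
}

function demo_esc_attr( $text ) {
	return htmlspecialchars( $text, ENT_QUOTES, 'UTF-8' );
}

// Build the tag from the issue's snippet around an already-encoded value.
function render_img( $encoded ) {
	return '<img src=a onerror="' . $encoded . '" />';
}

// A well-formed tag here contains exactly two double quotes: the attribute delimiters.
function attribute_is_intact( $html ) {
	return 2 === substr_count( $html, '"' );
}

// Constructed sample value containing a double quote.
$foo = 'x" data-injected="1';

// Pattern from the issue: JSON encoding only, no attribute escaping.
// JSON wraps strings in double quotes and escapes inner ones as \", so
// literal quote characters still reach the markup.
$json_only = render_img( demo_wp_json_encode( $foo ) );

// JSON-encode the data, then escape the result for the attribute context.
$escaped = render_img( demo_esc_attr( demo_wp_json_encode( $foo ) ) );

echo $json_only, "\n";
var_dump( attribute_is_intact( $json_only ) );
echo $escaped, "\n";
var_dump( attribute_is_intact( $escaped ) );

// An HTML parser entity-decodes the attribute value, which restores valid JSON
// that decodes back to the original string.
preg_match( '/onerror="([^"]*)"/', $escaped, $m );
$decoded = json_decode( html_entity_decode( $m[1], ENT_QUOTES, 'UTF-8' ) );
var_dump( $decoded === $foo );
```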
