• Resolved jayhybrid

    (@jayhybrid)


    I am writing a plugin and using the WP code sniffer for help.

    In an AJAX call the server responds with some JSON:
    wp_send_json_success or wp_send_json_error

    In particular I am doing this:

    echo wp_send_json_error(
        $email_confirmation->getData()
    );

    But the code sniffer is unhappy with this and says I should escape the output.

    All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found ‘wp_send_json_success’.

    How?
    Is there a function for escaping json?

    • This topic was modified 2 years, 12 months ago by jayhybrid.
    • This topic was modified 2 years, 12 months ago by jayhybrid.
    • This topic was modified 2 years, 12 months ago by jayhybrid. Reason: formatting
Viewing 2 replies - 1 through 2 (of 2 total)
  • wp_send_json_error() already echoes. You shouldn’t need an echo statement. The sniffer is expecting an escaping function or a function that is already escaped when you use echo, but it’s not recognising wp_send_json_error() as safe because it’s not supposed to be used with echo.

    So just remove echo to solve the issue.

    Thread Starter jayhybrid

    (@jayhybrid)

    Jacob, thank you!

    I can’t believe I haven’t considered this, I should have payed more attention to the documentation.

    Regards
    Jay

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘How to escape wp_send_json?’ is closed to new replies.