Is there any reason why Gutenberg is not following the recommended best practices provided by the WordPress-Extra ruleset for phpcs?
I enabled it on my local dev environment to check how many linting issues would it raise, and it seems it has a few, including some security issues like missing escaping and nonces.
FILE: /Users/mmtr/dev/gutenberg/bin/get-server-blocks.php
FOUND 0 ERRORS AND 3 WARNINGS AFFECTING 2 LINES
----------------------------------------------------------------------
13 | WARNING | error_reporting() can lead to full path
| | disclosure.
| | (WordPress.PHP.DevelopmentFunctions.prevent_path_disclosure_error_reporting)
13 | WARNING | error_reporting() found. Changing configuration
| | values at runtime is strongly discouraged.
| | (WordPress.PHP.DiscouragedPHPFunctions.runtime_configuration_error_reporting)
39 | WARNING | json_encode() is discouraged. Use wp_json_encode()
| | instead.
| | (WordPress.WP.AlternativeFunctions.json_encode_json_encode)
FILE: /Users/mmtr/dev/gutenberg/gutenberg.php
FOUND 6 ERRORS AFFECTING 6 LINES
14 | ERROR | Logical operator "or" is prohibited; use "||"
| | instead
| | (Squiz.Operators.ValidLogicalOperators.NotAllowed)
58 | ERROR | Overriding WordPress globals is prohibited. Found
| | assignment to $submenu
| | (WordPress.WP.GlobalVariablesOverride.Prohibited)
64 | ERROR | Overriding WordPress globals is prohibited. Found
| | assignment to $submenu
| | (WordPress.WP.GlobalVariablesOverride.Prohibited)
90 | ERROR | All output should be run through an escaping function
| | (see the Security sections in the WordPress Developer
| | Handbooks), found '__'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
103 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
137 | ERROR | All output should be run through an escaping function
| | (see the Security sections in the WordPress Developer
| | Handbooks), found 'wp_create_nonce'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
FILE: /Users/mmtr/dev/gutenberg/lib/widgets.php
FOUND 1 ERROR AFFECTING 1 LINE
71 | ERROR | All output should be run through an escaping function
| | (see the Security sections in the WordPress Developer
| | Handbooks), found 'wp_nonce_field'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
FILE: /Users/mmtr/dev/gutenberg/lib/experiments-page.php
FOUND 6 ERRORS AFFECTING 5 LINES
19 | ERROR | All output should be run through an escaping function
| | (see the Security sections in the WordPress Developer
| | Handbooks), found ''.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
106 | ERROR | All output should be run through an escaping function
| | (see the Security sections in the WordPress Developer
| | Handbooks), found '$args'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
107 | ERROR | All output should be run through an escaping function
| | (see the Security sections in the WordPress Developer
| | Handbooks), found '$args'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
107 | ERROR | All output should be run through an escaping function
| | (see the Security sections in the WordPress Developer
| | Handbooks), found '$args'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
108 | ERROR | All output should be run through an escaping function
| | (see the Security sections in the WordPress Developer
| | Handbooks), found '$args'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
120 | ERROR | All output should be run through an escaping function
| | (see the Security sections in the WordPress Developer
| | Handbooks), found ''.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
FILE: /Users/mmtr/dev/gutenberg/lib/rest-api.php
FOUND 0 ERRORS AND 1 WARNING AFFECTING 1 LINE
33 | WARNING | Processing form data without nonce verification.
| | (WordPress.Security.NonceVerification.Recommended)
FILE: /Users/mmtr/dev/gutenberg/lib/client-assets.php
FOUND 2 ERRORS AND 7 WARNINGS AFFECTING 8 LINES
241 | WARNING | [x] "require_once" is a statement not a function; no
| | parentheses are required
| | (PEAR.Files.IncludingFile.BracketsNotRequired)
443 | WARNING | [ ] In footer ($in_footer) is not set explicitly
| | wp_enqueue_script; It is recommended to load
| | scripts in the footer. Please set this value to
| | true to load it in the footer, or explicitly
| | false if it should be loaded in the
| | header.
| | (WordPress.WP.EnqueuedResourceParameters.NotInFooter)
443 | ERROR | [ ] Resource version not set in call to
| | wp_enqueue_script(). This means new versions of
| | the script will not always be loaded due to
| | browser caching.
| | (WordPress.WP.EnqueuedResourceParameters.MissingVersion)
509 | ERROR | [ ] All output should be run through an escaping
| | function (see the Security sections in the
| | WordPress Developer Handbooks), found
| | '"$src|$filename\n"'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
534 | WARNING | [ ] File operations should use WP_Filesystem methods
| | instead of direct PHP filesystem calls. Found:
| | fclose()
| | (WordPress.WP.AlternativeFunctions.file_system_read_fclose)
537 | WARNING | [ ] File operations should use WP_Filesystem methods
| | instead of direct PHP filesystem calls. Found:
| | fopen()
| | (WordPress.WP.AlternativeFunctions.file_system_read_fopen)
538 | WARNING | [ ] File operations should use WP_Filesystem methods
| | instead of direct PHP filesystem calls. Found:
| | fwrite()
| | (WordPress.WP.AlternativeFunctions.file_system_read_fwrite)
539 | WARNING | [ ] File operations should use WP_Filesystem methods
| | instead of direct PHP filesystem calls. Found:
| | fclose()
| | (WordPress.WP.AlternativeFunctions.file_system_read_fclose)
606 | WARNING | [ ] file_get_contents() is discouraged. Use
| | wp_remote_get() for remote URLs instead.
| | (WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents)
PHPCBF CAN FIX THE 1 MARKED SNIFF VIOLATIONS AUTOMATICALLY
FILE: /Users/mmtr/dev/gutenberg/lib/demo.php
FOUND 0 ERRORS AND 4 WARNINGS AFFECTING 3 LINES
18 | WARNING | Processing form data without nonce verification.
| | (WordPress.Security.NonceVerification.Recommended)
18 | WARNING | Processing form data without nonce verification.
| | (WordPress.Security.NonceVerification.Recommended)
34 | WARNING | Processing form data without nonce verification.
| | (WordPress.Security.NonceVerification.Recommended)
56 | WARNING | Processing form data without nonce verification.
| | (WordPress.Security.NonceVerification.Recommended)
FILE: ...ev/gutenberg/lib/class-experimental-wp-widget-blocks-manager.php
FOUND 4 ERRORS AND 1 WARNING AFFECTING 5 LINES
287 | WARNING | json_encode() is discouraged. Use wp_json_encode()
| | instead.
| | (WordPress.WP.AlternativeFunctions.json_encode_json_encode)
313 | ERROR | All output should be run through an escaping
| | function (see the Security sections in the WordPress
| | Developer Handbooks), found '$options'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
315 | ERROR | All output should be run through an escaping
| | function (see the Security sections in the WordPress
| | Developer Handbooks), found 'render_block'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
317 | ERROR | All output should be run through an escaping
| | function (see the Security sections in the WordPress
| | Developer Handbooks), found '$options'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
416 | ERROR | Overriding WordPress globals is prohibited. Found
| | assignment to $sidebars_widgets
| | (WordPress.WP.GlobalVariablesOverride.Prohibited)
FILE: /Users/mmtr/dev/gutenberg/lib/customizer.php
FOUND 0 ERRORS AND 1 WARNING AFFECTING 1 LINE
35 | WARNING | json_encode() is discouraged. Use wp_json_encode()
| | instead.
| | (WordPress.WP.AlternativeFunctions.json_encode_json_encode)
FILE: /Users/mmtr/dev/gutenberg/lib/class-wp-block-styles-registry.php
FOUND 3 ERRORS AFFECTING 3 LINES
45 | ERROR | All output should be run through an escaping function
| | (see the Security sections in the WordPress Developer
| | Handbooks), found '$message'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
51 | ERROR | All output should be run through an escaping function
| | (see the Security sections in the WordPress Developer
| | Handbooks), found '$message'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
77 | ERROR | All output should be run through an escaping function
| | (see the Security sections in the WordPress Developer
| | Handbooks), found '$message'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
FILE: /Users/mmtr/dev/gutenberg/lib/template-loader.php
FOUND 1 ERROR AND 1 WARNING AFFECTING 2 LINES
137 | WARNING | file_get_contents() is discouraged. Use
| | wp_remote_get() for remote URLs instead.
| | (WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents)
175 | ERROR | All output should be run through an escaping
| | function (see the Security sections in the WordPress
| | Developer Handbooks), found
| | 'wp_get_document_title'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
FILE: ...r/dev/gutenberg/lib/class-wp-rest-block-directory-controller.php
FOUND 0 ERRORS AND 9 WARNINGS AFFECTING 9 LINES
97 | WARNING | [x] "include_once" is a statement not a function; no
| | parentheses are required
| | (PEAR.Files.IncludingFile.BracketsNotRequired)
98 | WARNING | [x] "include_once" is a statement not a function; no
| | parentheses are required
| | (PEAR.Files.IncludingFile.BracketsNotRequired)
99 | WARNING | [x] "include_once" is a statement not a function; no
| | parentheses are required
| | (PEAR.Files.IncludingFile.BracketsNotRequired)
100 | WARNING | [x] "include_once" is a statement not a function; no
| | parentheses are required
| | (PEAR.Files.IncludingFile.BracketsNotRequired)
169 | WARNING | [x] "include_once" is a statement not a function; no
| | parentheses are required
| | (PEAR.Files.IncludingFile.BracketsNotRequired)
170 | WARNING | [x] "include_once" is a statement not a function; no
| | parentheses are required
| | (PEAR.Files.IncludingFile.BracketsNotRequired)
171 | WARNING | [x] "include_once" is a statement not a function; no
| | parentheses are required
| | (PEAR.Files.IncludingFile.BracketsNotRequired)
172 | WARNING | [x] "include_once" is a statement not a function; no
| | parentheses are required
| | (PEAR.Files.IncludingFile.BracketsNotRequired)
221 | WARNING | [x] "include" is a statement not a function; no
| | parentheses are required
| | (PEAR.Files.IncludingFile.BracketsNotRequired)
PHPCBF CAN FIX THE 9 MARKED SNIFF VIOLATIONS AUTOMATICALLY
FILE: /Users/mmtr/dev/gutenberg/lib/compat.php
FOUND 1 ERROR AFFECTING 1 LINE
70 | ERROR | Overriding WordPress globals is prohibited. Found
| | assignment to $post
| | (WordPress.WP.GlobalVariablesOverride.Prohibited)
FILE: ...gutenberg/packages/block-serialization-default-parser/parser.php
FOUND 12 ERRORS AND 2 WARNINGS AFFECTING 14 LINES
83 | ERROR | Visibility must be declared on method
| | "__construct" (Squiz.Scope.MethodScope.Missing)
100 | WARNING | Only one object structure is allowed in a file
| | (Generic.Files.OneObjectStructurePerFile.MultipleFound)
155 | ERROR | Visibility must be declared on method
| | "__construct" (Squiz.Scope.MethodScope.Missing)
172 | WARNING | Only one object structure is allowed in a file
| | (Generic.Files.OneObjectStructurePerFile.MultipleFound)
227 | ERROR | Visibility must be declared on method "parse"
| | (Squiz.Scope.MethodScope.Missing)
234 | ERROR | Empty DO statement detected
| | (Generic.CodeAnalysis.EmptyStatement.DetectedDo)
255 | ERROR | Visibility must be declared on method "proceed"
| | (Squiz.Scope.MethodScope.Missing)
291 | ERROR | The use of count() inside a loop condition is not
| | allowed; assign the return value to a variable and
| | use the variable in the loop condition instead
| | (Squiz.PHP.DisallowSizeFunctionsInLoops.Found)
401 | ERROR | Visibility must be declared on method
| | "next_token" (Squiz.Scope.MethodScope.Missing)
452 | ERROR | Empty IF statement detected
| | (Generic.CodeAnalysis.EmptyStatement.DetectedIf)
476 | ERROR | Visibility must be declared on method "freeform"
| | (Squiz.Scope.MethodScope.Missing)
488 | ERROR | Visibility must be declared on method
| | "add_freeform" (Squiz.Scope.MethodScope.Missing)
509 | ERROR | Visibility must be declared on method
| | "add_inner_block"
| | (Squiz.Scope.MethodScope.Missing)
530 | ERROR | Visibility must be declared on method
| | "add_block_from_stack"
| | (Squiz.Scope.MethodScope.Missing)
FILE: ...packages/block-serialization-default-parser/test/test-parser.php
FOUND 0 ERRORS AND 1 WARNING AFFECTING 1 LINE
15 | WARNING | json_encode() is discouraged. Use wp_json_encode()
| | instead.
| | (WordPress.WP.AlternativeFunctions.json_encode_json_encode)
FILE: ...mmtr/dev/gutenberg/packages/block-library/src/calendar/index.php
FOUND 4 ERRORS AFFECTING 4 LINES
28 | ERROR | Overriding WordPress globals is prohibited. Found
| | assignment to $monthnum
| | (WordPress.WP.GlobalVariablesOverride.Prohibited)
30 | ERROR | Overriding WordPress globals is prohibited. Found
| | assignment to $year
| | (WordPress.WP.GlobalVariablesOverride.Prohibited)
44 | ERROR | Overriding WordPress globals is prohibited. Found
| | assignment to $monthnum
| | (WordPress.WP.GlobalVariablesOverride.Prohibited)
46 | ERROR | Overriding WordPress globals is prohibited. Found
| | assignment to $year
| | (WordPress.WP.GlobalVariablesOverride.Prohibited)
FILE: ...sers/mmtr/dev/gutenberg/packages/block-library/src/rss/index.php
FOUND 0 ERRORS AND 3 WARNINGS AFFECTING 3 LINES
33 | WARNING | strip_tags() is discouraged. Use the more
| | comprehensive wp_strip_all_tags() instead.
| | (WordPress.WP.AlternativeFunctions.strip_tags_strip_tags)
62 | WARNING | strip_tags() is discouraged. Use the more
| | comprehensive wp_strip_all_tags() instead.
| | (WordPress.WP.AlternativeFunctions.strip_tags_strip_tags)
71 | WARNING | This comment is 44% valid code; is this commented out
| | code? (Squiz.PHP.CommentedOutCode.Found)
FILE: ...s/mmtr/dev/gutenberg/packages/block-library/src/search/index.php
FOUND 1 ERROR AFFECTING 1 LINE
18 | ERROR | Increment and decrement operators must be bracketed
| | when used in string concatenation
| | (Squiz.Operators.IncrementDecrementUsage.NoBrackets)
FILE: ...tr/dev/gutenberg/packages/block-library/src/categories/index.php
FOUND 1 ERROR AFFECTING 1 LINE
77 | ERROR | All output should be run through an escaping function
| | (see the Security sections in the WordPress Developer
| | Handbooks), found 'home_url'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
FILE: ...r/dev/gutenberg/packages/e2e-tests/plugins/wp-editor-metabox.php
FOUND 2 ERRORS AFFECTING 2 LINES
51 | ERROR | Processing form data without nonce verification.
| | (WordPress.Security.NonceVerification.Missing)
54 | ERROR | Processing form data without nonce verification.
| | (WordPress.Security.NonceVerification.Missing)
FILE: ...rg/packages/block-serialization-spec-parser/test/test-parser.php
FOUND 0 ERRORS AND 1 WARNING AFFECTING 1 LINE
15 | WARNING | json_encode() is discouraged. Use wp_json_encode()
| | instead.
| | (WordPress.WP.AlternativeFunctions.json_encode_json_encode)
FILE: ...s/mmtr/dev/gutenberg/phpunit/class-extend-preload-paths-test.php
FOUND 2 ERRORS AFFECTING 2 LINES
23 | ERROR | Visibility must be declared on method
| | "test_localizes_script"
| | (Squiz.Scope.MethodScope.Missing)
35 | ERROR | Visibility must be declared on method
| | "test_replaces_registered_properties"
| | (Squiz.Scope.MethodScope.Missing)
FILE: ...mmtr/dev/gutenberg/phpunit/class-vendor-script-filename-test.php
FOUND 2 ERRORS AFFECTING 2 LINES
9 | ERROR | Visibility must be declared on method
| | "vendor_script_filename_cases"
| | (Squiz.Scope.MethodScope.Missing)
55 | ERROR | Visibility must be declared on method
| | "test_gutenberg_vendor_script_filename"
| | (Squiz.Scope.MethodScope.Missing)
FILE: /Users/mmtr/dev/gutenberg/phpunit/class-extend-styles-test.php
FOUND 5 ERRORS AND 2 WARNINGS AFFECTING 7 LINES
61 | WARNING | file_get_contents() is discouraged. Use
| | wp_remote_get() for remote URLs instead.
| | (WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents)
69 | WARNING | File operations should use WP_Filesystem methods
| | instead of direct PHP filesystem calls. Found:
| | file_put_contents()
| | (WordPress.WP.AlternativeFunctions.file_system_read_file_put_contents)
77 | ERROR | Visibility must be declared on method
| | "test_without_built_styles"
| | (Squiz.Scope.MethodScope.Missing)
95 | ERROR | Visibility must be declared on method
| | "test_unset_editor_settings_style"
| | (Squiz.Scope.MethodScope.Missing)
111 | ERROR | Visibility must be declared on method
| | "test_replace_default_editor_styles"
| | (Squiz.Scope.MethodScope.Missing)
138 | ERROR | Visibility must be declared on method
| | "test_replace_rearranged_default_editor_styles"
| | (Squiz.Scope.MethodScope.Missing)
165 | ERROR | Visibility must be declared on method
| | "test_without_default_editor_styles"
| | (Squiz.Scope.MethodScope.Missing)
FILE: /Users/mmtr/dev/gutenberg/phpunit/class-override-script-test.php
FOUND 5 ERRORS AFFECTING 5 LINES
9 | ERROR | Visibility must be declared on method "setUp"
| | (Squiz.Scope.MethodScope.Missing)
21 | ERROR | Visibility must be declared on method "tearDown"
| | (Squiz.Scope.MethodScope.Missing)
30 | ERROR | Visibility must be declared on method
| | "test_localizes_script"
| | (Squiz.Scope.MethodScope.Missing)
49 | ERROR | Visibility must be declared on method
| | "test_replaces_registered_properties"
| | (Squiz.Scope.MethodScope.Missing)
71 | ERROR | Visibility must be declared on method
| | "test_registers_new_script"
| | (Squiz.Scope.MethodScope.Missing)
FILE: /Users/mmtr/dev/gutenberg/post-content.php
FOUND 37 ERRORS AFFECTING 36 LINES
11 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
16 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
20 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
24 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
28 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
32 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
36 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
42 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
48 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
52 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
56 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
60 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
65 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
66 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
67 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
68 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
69 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
70 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
79 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
83 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
88 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
89 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
94 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
98 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
112 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
116 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
120 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
124 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
128 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
141 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
145 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
155 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
159 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
159 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
168 | ERROR | All output should be run through an escaping function
| | (see the Security sections in the WordPress Developer
| | Handbooks), found '__'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
177 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)
185 | ERROR | All output should be run through an escaping function
| | (like esc_html_e() or esc_attr_e()), found '_e'.
| | (WordPress.Security.EscapeOutput.UnsafePrintingFunction)