It turns out that, from now on, it’s a best practice to escape with esc_html__() instead of simply using __() in your plugins and themes.
Replacing everything with esc_html() is a solution, but what about the __() calls in your code that already contain some minor code (like a few wrapping spans here and there)?
Here is what I did:
1. Search and replace every
2. Then find all the esc_html functions that have HTML in them
That’s going to show you all the esc_html_e() calls that contain a “<” or “>” somewhere within. I use PhpStorm to perform the search, and the above Regex works just fine for me.
3. Adjust your code so that the string no longer requires inline HTML
That’s it. You’re no longer a robot that has to manually go over each internationalized string.
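The search in step 2 can also be run outside the IDE. The following Python scanner is an added example, not the author's regex (which is not reproduced on this page): it lists esc_html__() and esc_html_e() calls whose first string literal contains "<" or ">". The function name, the sample PHP and the my-plugin text domain are constructed for illustration.

```python
import re

# Matches esc_html__( or esc_html_e( followed by a quoted first argument.
# The literal body accepts backslash-escaped characters such as \' or \".
CALL_RE = re.compile(
    r"""\b(esc_html__|esc_html_e)\s*\(\s*
        (?P<q>['"])(?P<text>(?:\\.|(?!(?P=q)).)*)(?P=q)""",
    re.VERBOSE | re.DOTALL,
)


def find_html_in_escaped_strings(php_source):
    """Return (line_number, function_name, string) for every call whose
    translatable string contains '<' or '>'.

    esc_html__() encodes those characters, so any markup inside the string
    would be shown to the visitor as literal text instead of being rendered.
    """
    hits = []
    for m in CALL_RE.finditer(php_source):
        text = m.group("text")
        if "<" in text or ">" in text:
            line = php_source.count("\n", 0, m.start()) + 1
            hits.append((line, m.group(1), text))
    return hits


# Constructed sample input (hypothetical plugin code, not from the page).
SAMPLE = r'''<?php
echo esc_html__( 'Save changes', 'my-plugin' );
esc_html_e( '<span class="note">Read more</span>', 'my-plugin' );
echo esc_html__( "Items > 10 are hidden", 'my-plugin' );
echo '<p>' . esc_html__( 'It\'s done', 'my-plugin' ) . '</p>';
echo __( '<b>Unescaped</b>', 'my-plugin' );
'''

if __name__ == "__main__":
    for line, func, text in find_html_in_escaped_strings(SAMPLE):
        print(f"line {line}: {func}() string contains markup: {text!r}")
```

Hits such as the "Items > 10" string contain no tags and only need a quick manual look; markup that sits outside the call, as in the `<p>` line, is already in the shape step 3 asks for.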