Convert htmlAttrNotByEscHTML to warning or back to error for consistency with other rules #601

@rebeccahum

We typically don't have any errors that are below 5 (with 5 being the default severity level).

<rule ref="WordPressVIPMinimum.Security.ProperEscapingFunction.htmlAttrNotByEscHTML">
    <!-- This is still safe, just sub-optimal-->
    <severity>3</severity>
</rule>

However, on the VIP Go ruleset, we have WordPressVIPMinimum.Security.ProperEscapingFunction.htmlAttrNotByEscHTML marked as an error at a level 3. I think this could cause potential confusion and for consistency's sake, we should either mark it as a warning with a higher severity or bring it back to the default error level.

FWIW, I don't have the exact context on why it was brought down to a level 3 and the PR where it was introduced has no description.
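The consistency check this issue asks for can be automated. The script below is an added example, not code from the issue or from the VIP Coding Standards project: it scans a PHPCS ruleset for rules whose `<severity>` is lowered below the default of 5 without also being set to `<type>warning</type>`. The function name, the sample ruleset and its two `Example.*` rule refs are constructed, and the script assumes a rule with no `<type>` override keeps an error type, since the ruleset alone does not show what the sniff emits.

```python
import xml.etree.ElementTree as ET

DEFAULT_SEVERITY = 5  # default PHPCS severity level, as stated in the issue

# Constructed sample ruleset. The first rule mirrors the one quoted in the
# issue; the two Example.* rules are made up for illustration.
SAMPLE_RULESET = """<ruleset name="Constructed-Sample">
    <rule ref="WordPressVIPMinimum.Security.ProperEscapingFunction.htmlAttrNotByEscHTML">
        <severity>3</severity>
    </rule>
    <rule ref="Example.Category.Sniff.DowngradedToWarning">
        <type>warning</type>
        <severity>3</severity>
    </rule>
    <rule ref="Example.Category.Sniff.DefaultLevel">
        <severity>5</severity>
    </rule>
</ruleset>
"""


def low_severity_overrides(ruleset_xml, threshold=DEFAULT_SEVERITY):
    """Return (ref, severity) for rules lowered below `threshold`
    that are not explicitly typed as warnings."""
    findings = []
    root = ET.fromstring(ruleset_xml)
    for rule in root.iter("rule"):
        raw = rule.findtext("severity")
        if raw is None:
            continue  # no severity override on this rule
        try:
            severity = int(raw.strip())
        except ValueError:
            continue  # malformed value; not this check's concern
        rule_type = (rule.findtext("type") or "").strip().lower()
        # Assumption: without <type>warning</type> the message stays an error.
        if severity < threshold and rule_type != "warning":
            findings.append((rule.get("ref"), severity))
    return findings


if __name__ == "__main__":
    for ref, severity in low_severity_overrides(SAMPLE_RULESET):
        print(f"{ref}: severity {severity} is below {DEFAULT_SEVERITY} and not a warning")
```
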
