Should we trust WordPress Core translations?
A while ago I was working on a patch to refresh the code for the default widgets that are included with WordPress Core. One of the changes made was to replace the i18n methods currently in-place with their counterparts that escape and translate the output. This is a pretty common practice as translation files can be a potential attack vector for hackers. WordPress.com VIP will usually request that this is added to any strings being translated and it is part of the 10up best practices. (more…)