Support when esc_xml() should be used

## What problem would the enhancement address for VIP?

`esc_xml()` is being [introduced in WP 5.5](https://make.wordpress.org/core/2020/07/21/new-esc_xml-function-in-wordpress-5-5/).

It would be great if WordPressVIPMinimum.Security.ProperEscapingFunction sniff could recognise when an escaping function is being used (typically `esc_html()` up to now, but someone may have used an incorrect escaping function) in an XML context.

## Describe the solution you'd like

Update the existing sniff.

Update our public docs to better clarify when `esc_xml()` should be used.

## What code should be reported as a violation?

{Needs examples}

## What code should *not* be reported as a violation?

{Needs examples}


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Support when esc_xml() should be used #555

What problem would the enhancement address for VIP?

Describe the solution you'd like

What code should be reported as a violation?

What code should not be reported as a violation?

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Support when esc_xml() should be used #555

Description

What problem would the enhancement address for VIP?

Describe the solution you'd like

What code should be reported as a violation?

What code should not be reported as a violation?

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions