From 2a10fc1e5b97797594541a71bfa796e8f2808ab6 Mon Sep 17 00:00:00 2001
From: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date: Fri, 1 Jul 2022 19:59:38 +0000
Subject: [PATCH] Widgets: Add a comment in `WP_Nav_Menu_Widget::form()` to
 clarify the `esc_attr()` usage.

The URL to create a new menu from the the Navigation Menu widget can be a `javascript:` link to the Customizer Menus panel, so `esc_attr()` is used here instead of `esc_url()`.

Follow-up to [53092].

Props hztyfoon.
Fixes #56128.

git-svn-id: https://develop.svn.wordpress.org/trunk@53630 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/widgets/class-wp-nav-menu-widget.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/wp-includes/widgets/class-wp-nav-menu-widget.php b/src/wp-includes/widgets/class-wp-nav-menu-widget.php
index ea8626edb3..328f4167b9 100644
--- a/src/wp-includes/widgets/class-wp-nav-menu-widget.php
+++ b/src/wp-includes/widgets/class-wp-nav-menu-widget.php
@@ -171,8 +171,12 @@ class WP_Nav_Menu_Widget extends WP_Widget {
 				$url = admin_url( 'nav-menus.php' );
 			}
 
-			/* translators: %s: URL to create a new menu. */
-			printf( __( 'No menus have been created yet. <a href="%s">Create some</a>.' ), esc_attr( $url ) );
+			printf(
+				/* translators: %s: URL to create a new menu. */
+				__( 'No menus have been created yet. <a href="%s">Create some</a>.' ),
+				// The URL can be a `javascript:` link, so esc_attr() is used here instead of esc_url().
+				esc_attr( $url )
+			);
 			?>
 		</p>
 		<div class="nav-menu-widget-form-controls" <?php echo $empty_menus_style; ?>>