edited body
Mark Kaplun

It basically depends on who is doing the translation and how trusted he can be, because if you do not filter things out the translator can add JS code, steal cookies and whatever.

In most of the places translation is done you will in any case have a call to esc_html or esc_attr which will mitigate the problem, but obviously if you need an actual link, you cannot use those functions. The use of wp_kses just makes sure there are no surprises in the translation.

For example, there is nothing that prevents a translator from translating __('Hi there') into Hi there <script>alert('evil laugh')</script>. Translations are never verified to not include such types of things when they are submitted by translators, and while the example is easy to catch, it might be possible to do more complex things that are harder to spot.

added 366 characters in body
Mark Kaplun

It basically depends on who is doing the translation and how trusted he can be, because if you do not filter things out the translator can add JS code, steal cookies and whatever.

In most of the places translation is done you will in any case have a call to esc_html or esc_attr which will mitigate the problem, but obviously if you need an actual link, you cannot use those functions. The use of wp_kses just makes sure there are no surprises in the translation.

For example, there is nothing that prevents a translator from translating __('Hi there') into Hi there <script>alert('evil laugh')</script>. Translations are never verified to not include such types of things when they are submitted by translators, and while the example is easy to catch, it might be possible to do more complex things that are harder to spot.

Mark Kaplun

It basically depends on who is doing the translation and how trusted he can be, because if you do not filter things out the translator can add JS code, steal cookies and whatever.

In most of the places translation is done you will in any case have a call to esc_html or esc_attr which will mitigate the problem, but obviously if you need an actual link, you cannot use those functions. The use of wp_kses just makes sure there are no surprises in the translation.
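As an added illustration (not code from the answer), here are the three patterns it describes, written with the WordPress functions it names; the text domain, the URL and the allowed-tag list are assumptions, and the code assumes it runs inside a plugin or theme where those functions are loaded:

```php
<?php
// Added example, not code from the answer. Assumes a WordPress plugin or
// theme context, so __(), esc_html__(), wp_kses() and esc_url() exist.
// 'my-textdomain' and the URL are placeholders.

// 1. Unsafe: the translated string is echoed as-is, so a malicious .mo file
//    can turn "Hi there" into "Hi there <script>...</script>".
echo __( 'Hi there', 'my-textdomain' );

// 2. Plain text: esc_html__() translates and then escapes, so any markup a
//    translator slipped in is rendered as literal text instead of executed.
echo esc_html__( 'Hi there', 'my-textdomain' );

// 3. Text that legitimately contains a link: esc_html() would break the <a>,
//    so list exactly the tags and attributes the string may carry and let
//    wp_kses() strip everything else (script tags, event-handler attributes).
//    wp_kses() also drops href values whose scheme is not in
//    wp_allowed_protocols(), so a javascript: URL does not survive either.
$allowed_html = array(
    'a' => array(
        'href'  => array(),
        'title' => array(),
    ),
);

// Keep the URL out of the translator's hands entirely: translate only the
// markup skeleton, filter it, then substitute the URL from code via printf.
$docs_url = 'https://example.com/docs'; // placeholder

printf(
    wp_kses(
        /* translators: %s is the documentation URL */
        __( 'Read the <a href="%s">documentation</a>.', 'my-textdomain' ),
        $allowed_html
    ),
    esc_url( $docs_url )
);
```

The last pattern goes one step beyond the answer: because the href is supplied by code rather than by the translation file, a translator can change the wording but not where the link points.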