[theme-reviewers] Sanitizing Output

Srikanth Koneru tskk79 at gmail.com
Tue Oct 8 20:22:54 UTC 2013


The header and footer JS codes that are inserted via theme options, do they
need to be escaped at all, and if so, how to do it?


On Wed, Oct 9, 2013 at 1:50 AM, Rohit Tripathi <rohitink at live.com> wrote:

> Thanks Chip. :)
>
> ------------------------------
> Date: Tue, 8 Oct 2013 16:18:09 -0400
> From: chip at chipbennett.net
>
> To: theme-reviewers at lists.wordpress.org
> Subject: Re: [theme-reviewers] Sanitizing Output
>
> The general rule is: sanitize on input, escape on output.
>
>
> On Tue, Oct 8, 2013 at 4:00 PM, Rohit Tripathi <rohitink at live.com> wrote:
>
> Yes, I have escaped all the URLs. That's done.
>
> But, a feature in my theme allows the user to enter JavaScript or HTML through
> the theme options panel, which is sanitized on input. So, I hope I don't
> have to sanitize it on the output. Because, if I use functions like
> esc_html or esc_js on them, then the whole point of letting theme enter
> JS/HTML is lost. So, if I have to sanitize them on output, how do I do that?
>
> Thanks.
>
> ------------------------------
> Date: Tue, 8 Oct 2013 21:57:44 +0200
> From: grapplerulrich at gmail.com
> To: theme-reviewers at lists.wordpress.org
> Subject: Re: [theme-reviewers] Sanitizing Output
>
>
> No, but it is good to escape it.
> On 8 Oct 2013 21:54, "Rohit Tripathi" <rohitink at live.com> wrote:
>
> Hello.
>
> I am using Options Framework with my theme. I have properly sanitized all
> input using all the necessary functions including wp_kses.
>
> Is it necessary to sanitize it on the output?
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
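The rule quoted in the thread (sanitize on input, escape on output), as an added example that is not part of the original messages or any participant's code. It uses the core Settings API rather than Options Framework, and the option name `mytheme_options`, its field keys and the `mytheme_*` function names are hypothetical. Gating the raw script field on the `unfiltered_html` capability is one assumed way to handle a field that cannot be escaped without breaking it.

```php
<?php
// Added example: the option name, field keys and mytheme_* names are hypothetical.

// Sanitize on input: one rule per field type, applied when the option is saved.
function mytheme_sanitize_options( $input ) {
    $input = is_array( $input ) ? $input : array();
    $old   = get_option( 'mytheme_options', array() );
    $clean = array();

    $clean['tagline']  = sanitize_text_field( isset( $input['tagline'] ) ? $input['tagline'] : '' );
    $clean['logo_url'] = esc_url_raw( isset( $input['logo_url'] ) ? $input['logo_url'] : '' );
    // Limited HTML: wp_kses_post() keeps the tags allowed in post content and drops <script>.
    $clean['footer_html'] = wp_kses_post( isset( $input['footer_html'] ) ? $input['footer_html'] : '' );

    // Raw script field: no sanitizer can keep it working, so restrict who may change it.
    if ( current_user_can( 'unfiltered_html' ) ) {
        $clean['footer_js'] = isset( $input['footer_js'] ) ? $input['footer_js'] : '';
    } else {
        // Users without the capability cannot alter the stored script.
        $clean['footer_js'] = isset( $old['footer_js'] ) ? $old['footer_js'] : '';
    }
    return $clean;
}

function mytheme_register_settings() {
    register_setting( 'mytheme_options_group', 'mytheme_options', 'mytheme_sanitize_options' );
}
add_action( 'admin_init', 'mytheme_register_settings' );

// Escape on output: choose the escaping function by the context the value lands in.
function mytheme_footer_output() {
    $o = wp_parse_args( get_option( 'mytheme_options', array() ), array(
        'tagline' => '', 'logo_url' => '', 'footer_html' => '', 'footer_js' => '',
    ) );

    echo '<p class="tagline">' . esc_html( $o['tagline'] ) . '</p>';
    echo '<img src="' . esc_url( $o['logo_url'] ) . '" alt="' . esc_attr( $o['tagline'] ) . '">';
    // Re-filtered on output in case the stored value reached the database by another path.
    echo wp_kses_post( $o['footer_html'] );
    // Printed as-is by design; the trust decision was the capability check at save time.
    if ( '' !== $o['footer_js'] ) {
        echo "<script>\n" . $o['footer_js'] . "\n</script>";
    }
}
add_action( 'wp_footer', 'mytheme_footer_output' );
```

On multisite installs only super admins hold `unfiltered_html`, so site administrators there would keep whatever script was already stored.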