[theme-reviewers] Sanitizing Output

Emil Uzelac emil at uzelac.me
Tue Oct 8 20:26:23 UTC 2013


There's this
https://github.com/devinsays/options-framework-theme/blob/master/inc/options-sanitize.php
and no need to adjust anything with JS, at least not beyond what options
framework already does :)


On Tue, Oct 8, 2013 at 3:22 PM, Srikanth Koneru <tskk79 at gmail.com> wrote:

> The header footer js codes that are inserted via theme options, do they
> need to be escaped at all and if so how to do it?
>
>
> On Wed, Oct 9, 2013 at 1:50 AM, Rohit Tripathi <rohitink at live.com> wrote:
>
>> Thanks Chip. :)
>>
>> ------------------------------
>> Date: Tue, 8 Oct 2013 16:18:09 -0400
>> From: chip at chipbennett.net
>>
>> To: theme-reviewers at lists.wordpress.org
>> Subject: Re: [theme-reviewers] Sanitizing Output
>>
>> The general rule is: sanitize on input, escape on output.
>>
>>
>> On Tue, Oct 8, 2013 at 4:00 PM, Rohit Tripathi <rohitink at live.com> wrote:
>>
>> Yes, I have escaped all the URLs. That's done.
>>
>> But a feature in my theme allows the user to enter JavaScript or HTML
>> through the theme options panel, which is sanitized on input. So, I hope I
>> don't have to sanitize it on the output. Because if I use functions like
>> esc_html or esc_js on them, then the whole point of letting theme enter
>> JS/HTML is lost. So, if I have to sanitize them on output, how do I do that?
>>
>> Thanks.
>>
>> ------------------------------
>> Date: Tue, 8 Oct 2013 21:57:44 +0200
>> From: grapplerulrich at gmail.com
>> To: theme-reviewers at lists.wordpress.org
>> Subject: Re: [theme-reviewers] Sanitizing Output
>>
>>
>> No, but it is good to escape it.
>> On 8 Oct 2013 21:54, "Rohit Tripathi" <rohitink at live.com> wrote:
>>
>> Hello.
>>
>> I am using Options Framework with my theme. I have properly sanitized all
>> input using all the necessary functions including wp_kses.
>>
>> Is it necessary to sanitize it on the output?
>>
>> _______________________________________________
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
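
The rule quoted in the thread ("sanitize on input, escape on output"), as an added example that is not part of the original messages and is not Options Framework code. It uses WordPress core functions only; the `mytheme_` prefix, the option name and the field names are hypothetical, and gating the raw script field on the `unfiltered_html` capability is one approach assumed here for a value that cannot be escaped without breaking it.

```php
<?php
// Added illustration: 'mytheme_options' and its field names are hypothetical.

// INPUT: runs when the option is saved. Each field gets the sanitizer for its type.
function mytheme_sanitize_options( $input ) {
    $old   = get_option( 'mytheme_options', array() );
    $clean = array();
    // URL field: drop invalid characters and disallowed protocols before storage.
    $clean['logo_url'] = isset( $input['logo_url'] ) ? esc_url_raw( $input['logo_url'] ) : '';
    // Plain-text field: no markup at all.
    $clean['tagline'] = isset( $input['tagline'] ) ? sanitize_text_field( $input['tagline'] ) : '';
    // Limited-HTML field: keep only the tags WordPress allows in post content.
    $clean['footer_html'] = isset( $input['footer_html'] ) ? wp_kses_post( $input['footer_html'] ) : '';
    // Raw script field: only users who may post unfiltered HTML can change it;
    // for everyone else the previously stored value is kept.
    if ( isset( $input['footer_js'] ) && current_user_can( 'unfiltered_html' ) ) {
        $clean['footer_js'] = $input['footer_js'];
    } else {
        $clean['footer_js'] = isset( $old['footer_js'] ) ? $old['footer_js'] : '';
    }
    return $clean;
}

function mytheme_register_settings() {
    register_setting( 'mytheme_options_group', 'mytheme_options', 'mytheme_sanitize_options' );
}
add_action( 'admin_init', 'mytheme_register_settings' );

// OUTPUT: escape again for the context each value is printed into, even though
// it was sanitized on save (the stored value may have been changed elsewhere).
function mytheme_footer_output() {
    $defaults = array( 'logo_url' => '', 'tagline' => '', 'footer_html' => '', 'footer_js' => '' );
    $o        = wp_parse_args( get_option( 'mytheme_options', array() ), $defaults );

    // Attribute contexts: esc_url() for the URL, esc_attr() for the alt text.
    echo '<img src="' . esc_url( $o['logo_url'] ) . '" alt="' . esc_attr( $o['tagline'] ) . '" />';
    // HTML text context.
    echo '<p>' . esc_html( $o['tagline'] ) . '</p>';
    // Markup is expected here, so filter to the allowed tags instead of escaping.
    echo wp_kses_post( $o['footer_html'] );
    // Deliberately unescaped: esc_js()/esc_html() would break the script,
    // so the control for this field is the capability check on save.
    echo $o['footer_js'];
}
add_action( 'wp_footer', 'mytheme_footer_output' );
```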