[theme-reviewers] esc_url() for all links?
Yentl Bresseleers
hello at design311.com
Fri Aug 29 23:26:24 UTC 2014
Why doesn't home_url() does it for you then?On 30/08/2014 01:25, Tom wrote:
> I believe get_permalink() does it for you.
>
> -----Original Message-----
> From: theme-reviewers [mailto:theme-reviewers-bounces at lists.wordpress.org]
> On Behalf Of Yentl Bresseleers
> Sent: Friday, August 29, 2014 4:24 PM
> To: Discussion list for WordPress theme reviewers.
> Subject: [theme-reviewers] esc_url() for all links?
>
>> Themes are required to escape all untrusted links before output using
>> esc_url(). Escape home_url() in header.php and other similar links
>> used elsewhere.
> Does that mean we have to pass all links through esc_url()? Even
> the_permalink()?
>
> echo esc_url(get_permalink());
>
> Rather than:
>
> the_permalink() ?
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
More information about the theme-reviewers
mailing list