[theme-reviewers] esc_url() for all links?

Emil Uzelac emil at uzelac.me
Sat Aug 30 00:25:54 UTC 2014


No, get_permalink is escaped:
https://core.trac.wordpress.org/browser/tags/3.9.2/src/wp-includes/link-template.php#L14



On Fri, Aug 29, 2014 at 7:22 PM, Zack Tollman <tollmanz at gmail.com> wrote:

> `the_permalink()` is escaped, but `get_permalink()` (or the newer
> `get_the_permalink()`) is not escaped and still needs to be escaped.
>
>
> On Fri, Aug 29, 2014 at 4:31 PM, Emil Uzelac <emil at uzelac.me> wrote:
>
>> And get_permalink does not need one, because it already exists here:
>> https://core.trac.wordpress.org/browser/tags/3.9.2/src/wp-includes/link-template.php#L0
>>
>>
>> On Fri, Aug 29, 2014 at 6:30 PM, Emil Uzelac <emil at uzelac.me> wrote:
>>
>>> Needs an escape and trailingslash as well
>>> http://codex.wordpress.org/Function_Reference/home_url
>>>
>>> <?php echo esc_url( home_url( '/' ) ); ?>
>>>
>>>
>>> On Fri, Aug 29, 2014 at 6:26 PM, Yentl Bresseleers <hello at design311.com>
>>> wrote:
>>>
>>>> Why doesn't home_url() do it for you then?
>>>>
>>>> On 30/08/2014 01:25, Tom wrote:
>>>>
>>>>> I believe get_permalink() does it for you.
>>>>>
>>>>> -----Original Message-----
>>>>> From: theme-reviewers [mailto:theme-reviewers-bounces at lists.wordpress.org]
>>>>> On Behalf Of Yentl Bresseleers
>>>>> Sent: Friday, August 29, 2014 4:24 PM
>>>>> To: Discussion list for WordPress theme reviewers.
>>>>> Subject: [theme-reviewers] esc_url() for all links?
>>>>>
>>>>>> Themes are required to escape all untrusted links before output using
>>>>>> esc_url(). Escape home_url() in header.php and other similar links
>>>>>> used elsewhere.
>>>>>>
>>>>> Does that mean we have to pass all links through esc_url()? Even
>>>>> the_permalink()?
>>>>>
>>>>>       echo esc_url(get_permalink());
>>>>>
>>>>> Rather than:
>>>>>
>>>>>       the_permalink() ?
>>>>> _______________________________________________
>>>>> theme-reviewers mailing list
>>>>> theme-reviewers at lists.wordpress.org
>>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>
>
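A check a reviewer could run for the requirement quoted in this thread, as an added example that is not from any list participant, WordPress core or an existing tool: it flags template lines that echo `home_url()`, `get_permalink()` or `get_the_permalink()` with no `esc_url()` wrapper, and leaves `the_permalink()` alone. The function name `find_unescaped_url_echoes`, the getter list and the sample template are constructed for illustration.

```php
<?php
// Added example, not WordPress or Theme Check code. The getter list is an
// assumption built from the function names mentioned in this thread.
const URL_GETTERS = array( 'home_url', 'get_permalink', 'get_the_permalink' );

/**
 * Return each place where a template echoes a URL getter directly,
 * with no esc_url() call between the echo and the getter.
 */
function find_unescaped_url_echoes( string $source ): array {
	$names = implode( '|', array_map( 'preg_quote', URL_GETTERS ) );
	// Matches "echo getter(" and the short echo tag "<?= getter(".
	$pattern = '/(?:\becho\s+|<\?=\s*)(' . $names . ')\s*\(/';
	$hits    = array();
	foreach ( preg_split( '/\R/', $source ) as $index => $line ) {
		if ( preg_match_all( $pattern, $line, $matches ) ) {
			foreach ( $matches[1] as $function ) {
				$hits[] = array( 'line' => $index + 1, 'function' => $function );
			}
		}
	}
	return $hits;
}

// Constructed sample template (nowdoc, so nothing in it is executed).
$template = <<<'THEME'
<a href="<?php echo home_url( '/' ); ?>">Home</a>
<a href="<?php echo esc_url( home_url( '/' ) ); ?>">Home</a>
<a href="<?php the_permalink(); ?>">Read more</a>
<a href="<?php echo get_permalink(); ?>">Read more</a>
<a href="<?php echo esc_url( get_permalink() ); ?>">Read more</a>
THEME;

foreach ( find_unescaped_url_echoes( $template ) as $hit ) {
	printf( "line %d: wrap %s() in esc_url()\n", $hit['line'], $hit['function'] );
}
```

The scan only catches a direct `echo`; a URL assigned to a variable and echoed later still needs a manual check.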