Thanks Chip.<div><br></div><div>That's what I had in mind - just wanted to be sure.<br><br>-----<div>Vicky Arulsingam</div><br class="Apple-interchange-newline"><div class="gmail_quote">On Fri, Feb 17, 2012 at 11:42 AM, Chip Bennett <span dir="ltr"><<a href="mailto:chip@chipbennett.net">chip@chipbennett.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">The Settings API doesn't currently do *any* sanitization/validation on its own; it simply provides a callback in which the Theme developer can define the sanitization/validation functinos.<div>
<br></div><div>So, you need to make sure that the callback defined in register_setting() properly sanitizes the javascript passed into it, and that the Theme properly escapes the javascript on output in the template.</div>
<div><br></div><div>Chip<br><br><div class="gmail_quote"><div><div class="h5"><br></div></div></div></div></blockquote></div><br>
</div>