<div dir="ltr">ah I see, my bad :)</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Sep 12, 2013 at 3:07 PM, Chip Bennett <span dir="ltr"><<a href="mailto:chip@chipbennett.net" target="_blank">chip@chipbennett.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">He's talking about this, I think:<div><br></div><div><a href="http://core.trac.wordpress.org/browser/tags/3.6.1/wp-includes/formatting.php#L2660" target="_blank">http://core.trac.wordpress.org/browser/tags/3.6.1/wp-includes/formatting.php#L2660</a><br>

</div><div><br></div><div>The value returned by esc_url() is filtered:</div><div><br></div><div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><span style="font-weight:bold;color:rgb(68,68,68);font-family:monospace;font-size:11px">return</span><span style="color:rgb(68,68,68);font-family:monospace;font-size:11px"> </span><span style="color:rgb(68,68,68);font-family:monospace;font-size:11px">apply_filters</span><span style="color:rgb(68,68,68);font-family:monospace;font-size:11px">(</span><span style="color:rgb(187,136,68);font-family:monospace;font-size:11px">'clean_url'</span><span style="color:rgb(68,68,68);font-family:monospace;font-size:11px">,</span><span style="color:rgb(68,68,68);font-family:monospace;font-size:11px"> </span><span style="color:rgb(0,128,128);font-family:monospace;font-size:11px">$good_protocol_url</span><span style="color:rgb(68,68,68);font-family:monospace;font-size:11px">,</span><span style="color:rgb(68,68,68);font-family:monospace;font-size:11px"> </span><span style="color:rgb(0,128,128);font-family:monospace;font-size:11px">$original_url</span><span style="color:rgb(68,68,68);font-family:monospace;font-size:11px">,</span><span style="color:rgb(68,68,68);font-family:monospace;font-size:11px"> </span><span style="color:rgb(0,128,128);font-family:monospace;font-size:11px">$_context</span><span style="color:rgb(68,68,68);font-family:monospace;font-size:11px">);</span></div>

</blockquote></div><div><br></div><div>There are a lot of rabbit holes...</div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Sep 12, 2013 at 4:02 PM, Emil Uzelac <span dir="ltr"><<a href="mailto:emil@uzelac.me" target="_blank">emil@uzelac.me</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">isn't <span style="font-size:13px"><font face="courier new, monospace">clean_url</font></span><font face="arial, sans-serif"> <a href="http://codex.wordpress.org/Function_Reference/clean_url" target="_blank">deprecated</a> and aren't we suppose to use </font><font face="courier new, monospace">esc_url()</font><font face="arial, sans-serif"> instead?</font></div>

<div><div>
<div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Sep 12, 2013 at 2:59 PM, Justin Tadlock <span dir="ltr"><<a href="mailto:justin@justintadlock.com" target="_blank">justin@justintadlock.com</a>></span> wrote:<br>


<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div text="#000000" bgcolor="#FFFFFF">
    `esc_url()` is also filterable via the `clean_url` hook. :)<div><div><br>
    <br>
    <div>On 9/12/2013 2:56 PM, Kirk Wight wrote:<br>
    </div>
    <blockquote type="cite">
      <div dir="ltr">Note that get_home_url() (which is used by
        home_url()) is filterable, so technically we have no idea what's
        going to come through; using esc_url(), even if not required,
        will always be a good idea.</div>
      <div class="gmail_extra"><br>
        <br>
        <div class="gmail_quote">On 12 September 2013 15:30, Zulfikar
          Nore <span dir="ltr"><<a href="mailto:zulfikarnore@live.com" target="_blank">zulfikarnore@live.com</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div>
              <div dir="ltr">Thanks for the clarification Chip - Noted
                :)<br>
                <br>
                <div>
                  <hr>Date: Thu, 12 Sep 2013 14:32:55 -0400<br>
                  From: <a href="mailto:chip@chipbennett.net" target="_blank">chip@chipbennett.net</a><br>
                  To: <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
                  Subject: Re: [theme-reviewers] home_url('/') VS
                  esc_url(home_url('/')) Clarification
                  <div>
                    <div><br>
                      <br>
                      <div dir="ltr">I would consider it as
                        *recommended*, since home_url() isn't explicitly
                        user-configurable. At the very least, if it's
                        considered as *required*, then it is minor
                        enough to leave until the next revision.</div>
                      <div><br>
                        <br>
                        <div>On Thu, Sep 12, 2013 at 2:30 PM, Zulfikar
                          Nore <span dir="ltr"><<a href="mailto:zulfikarnore@live.com" target="_blank">zulfikarnore@live.com</a>></span>
                          wrote:<br>
                          <blockquote style="border-left:1px #ccc solid;padding-left:1ex">
                            <div>
                              <div dir="ltr">As this page: <a href="http://make.wordpress.org/themes/guidelines/guidelines-theme-security-and-privacy/" target="_blank">http://make.wordpress.org/themes/guidelines/guidelines-theme-security-and-privacy/</a> has
                                since changed I thought I'd ask just to
                                be clear I understand the requirements.
                                <div>
                                  <br>
                                </div>
                                <div>Is esc_url for home_url a
                                  requirement or recommended? This
                                  page: <a href="http://codex.wordpress.org/Data_Validation" style="font-size:12pt" target="_blank">http://codex.wordpress.org/Data_Validation</a> does
                                  not state explicitly that it is a
                                  requirement.</div>
                                <div><br>
                                </div>
                                <div>So if its a requirement - is it a
                                  must fix requirement or can it be a
                                  fix in next revision requirement?</div>
                                <div><br>
                                </div>
                                <div>Thanks in advance,</div>
                                <div>Zulf</div>
                              </div>
                            </div>
                            <br>
_______________________________________________<br>
                            theme-reviewers mailing list<br>
                            <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
                            <a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
                            <br>
                          </blockquote>
                        </div>
                        <br>
                      </div>
                      <br>
                      _______________________________________________
                      theme-reviewers mailing list
                      <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a>
                      <a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a></div>
                  </div>
                </div>
              </div>
            </div>
            <br>
            _______________________________________________<br>
            theme-reviewers mailing list<br>
            <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
            <a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
            <br>
          </blockquote>
        </div>
        <br>
      </div>
      <br>
      <fieldset></fieldset>
      <br>
      <pre>_______________________________________________
theme-reviewers mailing list
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a>
</pre>
    </blockquote>
    <br>
  </div></div></div>

<br>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div><br></div>
</div></div><br>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div><br></div>
</div></div><br>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div><br></div>