<div dir="ltr">Because of the clean_url filter, I propose all themes have an esc_esc_url() escaping function. Sigh. Vigilance is its own reward.</div><div class="gmail_extra"><br><br><div class="gmail_quote">On 12 September 2013 16:09, Justin Tadlock <span dir="ltr"><<a href="mailto:justin@justintadlock.com" target="_blank">justin@justintadlock.com</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div text="#000000" bgcolor="#FFFFFF">
    The `clean_url()` function is deprecated.  The `clean_url` filter
    hook was carried over and used within `esc_url()`.<div><div class="h5"><br>
    <br>
    <div>On 9/12/2013 3:02 PM, Emil Uzelac
      wrote:<br>
    </div>
    <blockquote type="cite">
      <div dir="ltr">isn't <span style="font-size:13px"><font face="courier new, monospace">clean_url</font></span><font face="arial, sans-serif"> <a href="http://codex.wordpress.org/Function_Reference/clean_url" target="_blank">deprecated</a>
          and aren't we suppose to use </font><font face="courier new,
          monospace">esc_url()</font><font face="arial, sans-serif">
          instead?</font></div>
      <div class="gmail_extra"><br>
        <br>
        <div class="gmail_quote">On Thu, Sep 12, 2013 at 2:59 PM, Justin
          Tadlock <span dir="ltr"><<a href="mailto:justin@justintadlock.com" target="_blank">justin@justintadlock.com</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div text="#000000" bgcolor="#FFFFFF"> `esc_url()` is also
              filterable via the `clean_url` hook. :)
              <div>
                <div><br>
                  <br>
                  <div>On 9/12/2013 2:56 PM, Kirk Wight wrote:<br>
                  </div>
                  <blockquote type="cite">
                    <div dir="ltr">Note that get_home_url() (which is
                      used by home_url()) is filterable, so technically
                      we have no idea what's going to come through;
                      using esc_url(), even if not required, will always
                      be a good idea.</div>
                    <div class="gmail_extra"><br>
                      <br>
                      <div class="gmail_quote">On 12 September 2013
                        15:30, Zulfikar Nore <span dir="ltr"><<a href="mailto:zulfikarnore@live.com" target="_blank">zulfikarnore@live.com</a>></span>
                        wrote:<br>
                        <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                          <div>
                            <div dir="ltr">Thanks for the clarification
                              Chip - Noted :)<br>
                              <br>
                              <div>
                                <hr>Date: Thu, 12 Sep 2013 14:32:55
                                -0400<br>
                                From: <a href="mailto:chip@chipbennett.net" target="_blank">chip@chipbennett.net</a><br>
                                To: <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
                                Subject: Re: [theme-reviewers]
                                home_url('/') VS esc_url(home_url('/'))
                                Clarification
                                <div>
                                  <div><br>
                                    <br>
                                    <div dir="ltr">I would consider it
                                      as *recommended*, since home_url()
                                      isn't explicitly
                                      user-configurable. At the very
                                      least, if it's considered as
                                      *required*, then it is minor
                                      enough to leave until the next
                                      revision.</div>
                                    <div><br>
                                      <br>
                                      <div>On Thu, Sep 12, 2013 at 2:30
                                        PM, Zulfikar Nore <span dir="ltr"><<a href="mailto:zulfikarnore@live.com" target="_blank">zulfikarnore@live.com</a>></span>
                                        wrote:<br>
                                        <blockquote style="border-left:1px #ccc solid;padding-left:1ex">
                                          <div>
                                            <div dir="ltr">As this
                                              page: <a href="http://make.wordpress.org/themes/guidelines/guidelines-theme-security-and-privacy/" target="_blank">http://make.wordpress.org/themes/guidelines/guidelines-theme-security-and-privacy/</a> has

                                              since changed I thought
                                              I'd ask just to be clear I
                                              understand the
                                              requirements.
                                              <div> <br>
                                              </div>
                                              <div>Is esc_url for
                                                home_url a requirement
                                                or recommended? This
                                                page: <a href="http://codex.wordpress.org/Data_Validation" style="font-size:12pt" target="_blank">http://codex.wordpress.org/Data_Validation</a> does

                                                not state explicitly
                                                that it is a
                                                requirement.</div>
                                              <div><br>
                                              </div>
                                              <div>So if its a
                                                requirement - is it a
                                                must fix requirement or
                                                can it be a fix in next
                                                revision requirement?</div>
                                              <div><br>
                                              </div>
                                              <div>Thanks in advance,</div>
                                              <div>Zulf</div>
                                            </div>
                                          </div>
                                          <br>
_______________________________________________<br>
                                          theme-reviewers mailing list<br>
                                          <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
                                          <a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
                                          <br>
                                        </blockquote>
                                      </div>
                                      <br>
                                    </div>
                                    <br>
                                    _______________________________________________

                                    theme-reviewers mailing list <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a>
                                    <a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a></div>
                                </div>
                              </div>
                            </div>
                          </div>
                          <br>
_______________________________________________<br>
                          theme-reviewers mailing list<br>
                          <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
                          <a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
                          <br>
                        </blockquote>
                      </div>
                      <br>
                    </div>
                    <br>
                    <fieldset></fieldset>
                    <br>
                    <pre>_______________________________________________
theme-reviewers mailing list
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a>
</pre>
                  </blockquote>
                  <br>
                </div>
              </div>
            </div>
            <br>
            _______________________________________________<br>
            theme-reviewers mailing list<br>
            <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
            <a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
            <br>
          </blockquote>
        </div>
        <br>
      </div>
      <br>
      <fieldset></fieldset>
      <br>
      <pre>_______________________________________________
theme-reviewers mailing list
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a>
</pre>
    </blockquote>
    <br>
  </div></div></div>

<br>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div><br></div>