<div dir="ltr">Because of the clean_url filter, I propose all themes have an esc_esc_url() escaping function. Sigh. Vigilance is its own reward.</div><div class="gmail_extra"><br><br><div class="gmail_quote">On 12 September 2013 16:09, Justin Tadlock <span dir="ltr"><<a href="mailto:justin@justintadlock.com" target="_blank">justin@justintadlock.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
The `clean_url()` function is deprecated. The `clean_url` filter
hook was carried over and used within `esc_url()`.<div><div class="h5"><br>
<br>
<div>On 9/12/2013 3:02 PM, Emil Uzelac
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">isn't <span style="font-size:13px"><font face="courier new, monospace">clean_url</font></span><font face="arial, sans-serif"> <a href="http://codex.wordpress.org/Function_Reference/clean_url" target="_blank">deprecated</a>
and aren't we suppose to use </font><font face="courier new,
monospace">esc_url()</font><font face="arial, sans-serif">
instead?</font></div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Thu, Sep 12, 2013 at 2:59 PM, Justin
Tadlock <span dir="ltr"><<a href="mailto:justin@justintadlock.com" target="_blank">justin@justintadlock.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"> `esc_url()` is also
filterable via the `clean_url` hook. :)
<div>
<div><br>
<br>
<div>On 9/12/2013 2:56 PM, Kirk Wight wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Note that get_home_url() (which is
used by home_url()) is filterable, so technically
we have no idea what's going to come through;
using esc_url(), even if not required, will always
be a good idea.</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On 12 September 2013
15:30, Zulfikar Nore <span dir="ltr"><<a href="mailto:zulfikarnore@live.com" target="_blank">zulfikarnore@live.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div dir="ltr">Thanks for the clarification
Chip - Noted :)<br>
<br>
<div>
<hr>Date: Thu, 12 Sep 2013 14:32:55
-0400<br>
From: <a href="mailto:chip@chipbennett.net" target="_blank">chip@chipbennett.net</a><br>
To: <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
Subject: Re: [theme-reviewers]
home_url('/') VS esc_url(home_url('/'))
Clarification
<div>
<div><br>
<br>
<div dir="ltr">I would consider it
as *recommended*, since home_url()
isn't explicitly
user-configurable. At the very
least, if it's considered as
*required*, then it is minor
enough to leave until the next
revision.</div>
<div><br>
<br>
<div>On Thu, Sep 12, 2013 at 2:30
PM, Zulfikar Nore <span dir="ltr"><<a href="mailto:zulfikarnore@live.com" target="_blank">zulfikarnore@live.com</a>></span>
wrote:<br>
<blockquote style="border-left:1px #ccc solid;padding-left:1ex">
<div>
<div dir="ltr">As this
page: <a href="http://make.wordpress.org/themes/guidelines/guidelines-theme-security-and-privacy/" target="_blank">http://make.wordpress.org/themes/guidelines/guidelines-theme-security-and-privacy/</a> has
since changed I thought
I'd ask just to be clear I
understand the
requirements.
<div> <br>
</div>
<div>Is esc_url for
home_url a requirement
or recommended? This
page: <a href="http://codex.wordpress.org/Data_Validation" style="font-size:12pt" target="_blank">http://codex.wordpress.org/Data_Validation</a> does
not state explicitly
that it is a
requirement.</div>
<div><br>
</div>
<div>So if its a
requirement - is it a
must fix requirement or
can it be a fix in next
revision requirement?</div>
<div><br>
</div>
<div>Thanks in advance,</div>
<div>Zulf</div>
</div>
</div>
<br>
_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
_______________________________________________
theme-reviewers mailing list <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a></div>
</div>
</div>
</div>
</div>
<br>
_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
theme-reviewers mailing list
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
theme-reviewers mailing list
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a>
</pre>
</blockquote>
<br>
</div></div></div>
<br>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div><br></div>