<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Yes, I have escaped all the Urls. That's done.<br><br>But, a feature in my theme allows user to enter javascript or html through the theme options panel, which is sanitized on input. So, I hope I don't have to sanitize it on the output. Because, if i use functions like esc_html or esc_js on them, then the whole point of letting theme enter js/html is lost. So, if i have to sanitize them on output, how do i do that?<div><br></div><div>Thanks.<br><div><br><div><hr id="stopSpelling">Date: Tue, 8 Oct 2013 21:57:44 +0200<br>From: grapplerulrich@gmail.com<br>To: theme-reviewers@lists.wordpress.org<br>Subject: Re: [theme-reviewers] Sanitizing Output<br><br><p dir="ltr">No, but it is good to escape it. </p>
<div class="ecxgmail_quote">On 8 Oct 2013 21:54, "Rohit Tripathi" <<a href="mailto:rohitink@live.com">rohitink@live.com</a>> wrote:<br><blockquote class="ecxgmail_quote" style="border-left:1px #ccc solid;padding-left:1ex;">
<div><div dir="ltr">Hello.<div><br></div><div>I am using Options Framework with my theme. I have properly sanitized all input using all the necessary functions including wp_kses.</div><div><br></div><div>Is it neccessary to sanitize it on the output?</div>
</div></div>
<br>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div>
<br>_______________________________________________
theme-reviewers mailing list
theme-reviewers@lists.wordpress.org
http://lists.wordpress.org/mailman/listinfo/theme-reviewers</div></div></div> </div></body>
</html>