<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Thanks Chip. :)<br><br><div><hr id="stopSpelling">Date: Tue, 8 Oct 2013 16:18:09 -0400<br>From: chip@chipbennett.net<br>To: theme-reviewers@lists.wordpress.org<br>Subject: Re: [theme-reviewers] Sanitizing Output<br><br><div dir="ltr">The general rule is: sanitize on input, escape on output.</div><div class="ecxgmail_extra"><br><br><div class="ecxgmail_quote">On Tue, Oct 8, 2013 at 4:00 PM, Rohit Tripathi <span dir="ltr">&lt;<a href="mailto:rohitink@live.com" target="_blank">rohitink@live.com</a>&gt;</span> wrote:<br>
<blockquote class="ecxgmail_quote" style="border-left:1px #ccc solid;padding-left:1ex;">


<div><div dir="ltr">Yes, I have escaped all the URLs. That's done.<br><br>But, a feature in my theme allows the user to enter JavaScript or HTML through the theme options panel, which is sanitized on input. So, I hope I don't have to sanitize it on the output. Because, if I use functions like esc_html or esc_js on them, then the whole point of letting theme enter JS/HTML is lost. So, if I have to sanitize them on output, how do I do that?<div>
<br></div><div>Thanks.<br><div><br><div><hr>Date: Tue, 8 Oct 2013 21:57:44 +0200<br>From: <a href="mailto:grapplerulrich@gmail.com" target="_blank">grapplerulrich@gmail.com</a><br>To: <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
Subject: Re: [theme-reviewers] Sanitizing Output<div><div class="h5"><br><br><p dir="ltr">No, but it is good to escape it. </p>
<div>On 8 Oct 2013 21:54, "Rohit Tripathi" &lt;<a href="mailto:rohitink@live.com" target="_blank">rohitink@live.com</a>&gt; wrote:<br><blockquote style="border-left:1px #ccc solid;padding-left:1ex;">



<div><div dir="ltr">Hello.<div><br></div><div>I am using Options Framework with my theme. I have properly sanitized all input using all the necessary functions including wp_kses.</div><div><br></div><div>Is it necessary to sanitize it on the output?</div>

                                          </div></div>
<br>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div>
</div></div></div></div></div>                                         </div></div>
<br></blockquote></div><br></div>
</div>                                           </div></body>
</html>