<div dir="ltr">The header footer js codes that are inserted via theme options, do they need to be escaped at all and if so how to do it?<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Oct 9, 2013 at 1:50 AM, Rohit Tripathi <span dir="ltr"><<a href="mailto:rohitink@live.com" target="_blank">rohitink@live.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><div dir="ltr">Thanks Chip. :)<br><br><div><hr>Date: Tue, 8 Oct 2013 16:18:09 -0400<br>From: <a href="mailto:chip@chipbennett.net" target="_blank">chip@chipbennett.net</a><div><div class="h5"><br>To: <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
Subject: Re: [theme-reviewers] Sanitizing Output<br><br><div dir="ltr">The general rule is: sanitize on input, escape on output.</div><div><br><br><div>On Tue, Oct 8, 2013 at 4:00 PM, Rohit Tripathi <span dir="ltr"><<a href="mailto:rohitink@live.com" target="_blank">rohitink@live.com</a>></span> wrote:<br>
<blockquote style="border-left:1px #ccc solid;padding-left:1ex">
<div><div dir="ltr">Yes, I have escaped all the Urls. That's done.<br><br>But, a feature in my theme allows user to enter javascript or html through the theme options panel, which is sanitized on input. So, I hope I don't have to sanitize it on the output. Because, if i use functions like esc_html or esc_js on them, then the whole point of letting theme enter js/html is lost. So, if i have to sanitize them on output, how do i do that?<div>
<br></div><div>Thanks.<br><div><br><div><hr>Date: Tue, 8 Oct 2013 21:57:44 +0200<br>From: <a href="mailto:grapplerulrich@gmail.com" target="_blank">grapplerulrich@gmail.com</a><br>To: <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
Subject: Re: [theme-reviewers] Sanitizing Output<div><div><br><br><p dir="ltr">No, but it is good to escape it. </p>
<div>On 8 Oct 2013 21:54, "Rohit Tripathi" <<a href="mailto:rohitink@live.com" target="_blank">rohitink@live.com</a>> wrote:<br><blockquote style="border-left:1px #ccc solid;padding-left:1ex">
<div><div dir="ltr">Hello.<div><br></div><div>I am using Options Framework with my theme. I have properly sanitized all input using all the necessary functions including wp_kses.</div><div><br></div><div>Is it neccessary to sanitize it on the output?</div>
</div></div>
<br>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div>
<br>_______________________________________________
theme-reviewers mailing list
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a></div></div></div></div></div> </div></div>
<br>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div><br></div>
<br>_______________________________________________
theme-reviewers mailing list
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a></div></div></div> </div></div>
<br>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div><br></div>