<div dir="ltr">Correct me if I'm wrong (I could be), but I don't think core-defined controls need a defined sanitization_callback. In the case of the image control, I think it passes the image through wp_handle_upload().<div>
<br></div><div>In any case, the value does still need to be escaped on output, such as what Emil described.</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Jun 20, 2014 at 12:47 PM, Srikanth Koneru <span dir="ltr"><<a href="mailto:tskk79@gmail.com" target="_blank">tskk79@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>Does Image control (<a href="http://codex.wordpress.org/Class_Reference/WP_Customize_Image_Control" target="_blank">http://codex.wordpress.org/Class_Reference/WP_Customize_Image_Control</a>) need sanitization?<br>
<br></div>If so is esc_url_raw appropriate?<br><br></div>Also what is 'logo' in that example?<br><br></div>Thanks.<br><div><code></code></div></div>
<br>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div><br></div>