[theme-reviewers] theme option validation

// ravi ravi-lists at g8o.net
Sat Apr 28 14:27:07 UTC 2012


On Apr 27, 2012, at 8:11 PM, Justin Tadlock wrote:
> I'd be lenient as long as it's secure and works.  Then, just provide a note about what it should be changed to in the next update.
> 
> On 4/27/2012 12:16 PM, Kirk Wight wrote:
>> Hi all,
>> 
>> How lenient are others towards validation with theme options? I'm doing a review in which options are sanitized on input using wp_filter_nohtml_kses(), but not validated for their purpose - they're supposed to be social media URLs, but whatever the user enters is simply echoed out, whether it's a valid URL or not. Should it be sanitized on output with esc_url() also?..
>> 

Shouldn’t the WP hooks/functions for adding theme options do this sort of thing (sanitising), and not leave it to the theme author?

	—ravi
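
The distinction discussed in this thread, shown as an added example that is not part of any message above: a settings callback that validates the values as URLs on input (rather than only stripping HTML with wp_filter_nohtml_kses()), plus esc_url() at the point of output. The mytheme_* function names, the option name and the two field keys are hypothetical; the WordPress functions called are core APIs.

```php
<?php
// Added example for a theme's functions.php. All mytheme_* names and the
// option/group names are assumptions made for illustration.

// Register the option with a validation callback. Core runs the callback
// on save, but only the theme knows these fields are meant to hold URLs.
function mytheme_register_social_options() {
	register_setting(
		'mytheme_options',              // settings group (assumed name)
		'mytheme_social_urls',          // option name (assumed name)
		'mytheme_validate_social_urls'  // callback run before the value is stored
	);
}
add_action( 'admin_init', 'mytheme_register_social_options' );

// Input side: keep only known keys and only values that are http(s) URLs.
function mytheme_validate_social_urls( $input ) {
	$input = is_array( $input ) ? $input : array();
	$clean = array();
	foreach ( array( 'twitter', 'facebook' ) as $key ) {
		$raw = isset( $input[ $key ] ) ? trim( (string) $input[ $key ] ) : '';
		// esc_url_raw() returns '' when the scheme is not in the allowed
		// list, so text that merely contains no HTML is not stored as a URL.
		$clean[ $key ] = esc_url_raw( $raw, array( 'http', 'https' ) );
	}
	return $clean;
}

// Output side: escape again where the value is printed, because the stored
// option may predate the validation above or have been changed elsewhere.
function mytheme_social_link( $key, $label ) {
	$options = get_option( 'mytheme_social_urls', array() );
	if ( ! is_array( $options ) || empty( $options[ $key ] ) ) {
		return; // nothing valid saved for this field
	}
	printf(
		'<a href="%s">%s</a>',
		esc_url( $options[ $key ], array( 'http', 'https' ) ),
		esc_html( $label )
	);
}
```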



