[theme-reviewers] theme option validation
// ravi
ravi-lists at g8o.net
Sat Apr 28 14:27:07 UTC 2012
On Apr 27, 2012, at 8:11 PM, Justin Tadlock wrote:
> I'd be lenient as long as it's secure and works. Then, just provide a note about what it should be changed to in the next update.
>
> On 4/27/2012 12:16 PM, Kirk Wight wrote:
>> Hi all,
>>
>> How lenient are others towards validation with theme options? I'm doing a review in which options are sanitized on input using wp_filter_nohtml_kses(), but not validated for their purpose - they're supposed to be social media URLs, but whatever the user enters is simply echoed out, whether it's a valid URL or not. Should it be sanitized on output with esc_url() also?..
>>
Shouldn’t the WP hooks/functions for adding theme options do this sort of thing (sanitising), and not leave it to the theme author?
—ravi
More information about the theme-reviewers
mailing list