[theme-reviewers] need your opinion

Otto otto at ottodestruct.com
Thu Aug 16 14:16:12 UTC 2012


On Thu, Aug 16, 2012 at 1:27 AM, Chandra Maharzan <maharzan at gmail.com> wrote:
> He has Theme options but it doesn't work unless people activate (pay)
> the author. And then he is arguing about sanitation of data fields,
> which Theme Review clearly says to do them (esc_html, esc_attr, etc.).
> Someone please enlighten me here.

He's right about the escaping, for the most part. Text areas should
use esc_textarea for sanitization, not esc_html. Similarly, a URL
should use esc_url. Use the correct escape function for the correct
purpose.


-Otto
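
The per-context escaping described in the reply above, as an added example that is not part of the original message or of any theme under review. It assumes WordPress is loaded; the function name, the option name `mytheme_options` and its keys are hypothetical.

```php
<?php
// Added example: one stored option set, echoed into four different output contexts.
// Assumption: the option name 'mytheme_options' and its keys are made up for illustration.
function mytheme_render_options_fields() {
    $opts = wp_parse_args(
        get_option( 'mytheme_options', array() ),
        array( 'tagline' => '', 'footer_text' => '', 'logo_url' => '' )
    );
    ?>
    <!-- HTML attribute context: esc_attr -->
    <input type="text" name="mytheme_options[tagline]"
           value="<?php echo esc_attr( $opts['tagline'] ); ?>" />

    <!-- Textarea body: esc_textarea. It encodes existing entities again, so a
         literal "&amp;" typed by the user is shown as typed when the form reloads. -->
    <textarea name="mytheme_options[footer_text]" rows="4"><?php
        echo esc_textarea( $opts['footer_text'] );
    ?></textarea>

    <!-- URL context: esc_url. It also returns an empty string for schemes
         that are not on the allowed list, such as javascript:. -->
    <input type="url" name="mytheme_options[logo_url]"
           value="<?php echo esc_url( $opts['logo_url'] ); ?>" />
    <img src="<?php echo esc_url( $opts['logo_url'] ); ?>" alt="" />

    <!-- Plain text between tags: esc_html -->
    <p><?php echo esc_html( $opts['tagline'] ); ?></p>
    <?php
}
```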

