chip at chipbennett.net
Fri Feb 17 03:42:30 UTC 2012
The Settings API doesn't currently do *any* sanitization/validation on its
own; it simply provides a callback in which the Theme developer can define
the sanitization/validation functions.
So, you need to make sure that the callback defined in register_setting()
On Thu, Feb 16, 2012 at 8:50 PM, Vicky Arulsingam <
vicky.arulsingam at gmail.com> wrote:
> The theme I'm reviewing: http://themes.trac.wordpress.org/ticket/6565
> By virtue of using Settings API, is a theme protected against XSS
> Vicky Arulsingam
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
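
Added example, not part of the thread or of the theme under review: a sketch of the sanitization callback that register_setting() expects, plus escaping on output. The option group, option name, field keys and function names (`mytheme_*`) are hypothetical.

```php
<?php
// Added example. All mytheme_* names and field keys are hypothetical.

// Register the option and name the callback the Settings API runs on save.
// Without the third argument, submitted values are stored as received.
function mytheme_register_settings() {
    register_setting( 'mytheme_options_group', 'mytheme_options', 'mytheme_sanitize_options' );
}
add_action( 'admin_init', 'mytheme_register_settings' );

// Build the stored array from known keys only, so unexpected keys in the
// submitted form data are dropped instead of being saved.
function mytheme_sanitize_options( $input ) {
    $input = is_array( $input ) ? $input : array();
    $clean = array();

    // Plain text field: strips tags and extra whitespace.
    $clean['tagline'] = isset( $input['tagline'] ) ? sanitize_text_field( $input['tagline'] ) : '';

    // URL field: rejects disallowed protocols such as javascript:.
    $clean['logo_url'] = isset( $input['logo_url'] ) ? esc_url_raw( $input['logo_url'] ) : '';

    // Select field: accept only values from a fixed list, else use the default.
    $layouts = array( 'left', 'right', 'full' );
    $clean['layout'] = ( isset( $input['layout'] ) && in_array( $input['layout'], $layouts, true ) )
        ? $input['layout']
        : 'right';

    // Checkbox: normalise to 0 or 1.
    $clean['show_footer'] = empty( $input['show_footer'] ) ? 0 : 1;

    // Field that may contain limited HTML: keep only tags allowed in post content.
    $clean['footer_text'] = isset( $input['footer_text'] ) ? wp_kses_post( $input['footer_text'] ) : '';

    return $clean;
}

// Sanitizing on save does not replace escaping on output: escape for the
// context the value is printed into (HTML text here).
function mytheme_print_tagline() {
    $options = get_option( 'mytheme_options', array() );
    if ( ! empty( $options['tagline'] ) ) {
        echo '<p class="tagline">' . esc_html( $options['tagline'] ) . '</p>';
    }
}
```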