[theme-reviewers] Settings API and User-Defined Javascript

Vicky Arulsingam vicky.arulsingam at gmail.com
Fri Feb 17 06:14:08 UTC 2012


Thanks Chip.

That's what I had in mind - just wanted to be sure.

-----
Vicky Arulsingam

On Fri, Feb 17, 2012 at 11:42 AM, Chip Bennett <chip at chipbennett.net> wrote:

> The Settings API doesn't currently do *any* sanitization/validation on its
> own; it simply provides a callback in which the Theme developer can define
> the sanitization/validation functinos.
>
> So, you need to make sure that the callback defined in register_setting()
> properly sanitizes the javascript passed into it, and that the Theme
> properly escapes the javascript on output in the template.
>
> Chip
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20120217/2ffae588/attachment.htm>


More information about the theme-reviewers mailing list