[theme-reviewers] Sanitizing Output
Rohit Tripathi
rohitink at live.com
Tue Oct 8 20:00:33 UTC 2013
Yes, I have escaped all the Urls. That's done.
But, a feature in my theme allows user to enter javascript or html through the theme options panel, which is sanitized on input. So, I hope I don't have to sanitize it on the output. Because, if i use functions like esc_html or esc_js on them, then the whole point of letting theme enter js/html is lost. So, if i have to sanitize them on output, how do i do that?
Thanks.
Date: Tue, 8 Oct 2013 21:57:44 +0200
From: grapplerulrich at gmail.com
To: theme-reviewers at lists.wordpress.org
Subject: Re: [theme-reviewers] Sanitizing Output
No, but it is good to escape it.
On 8 Oct 2013 21:54, "Rohit Tripathi" <rohitink at live.com> wrote:
Hello.
I am using Options Framework with my theme. I have properly sanitized all input using all the necessary functions including wp_kses.
Is it neccessary to sanitize it on the output?
_______________________________________________
theme-reviewers mailing list
theme-reviewers at lists.wordpress.org
http://lists.wordpress.org/mailman/listinfo/theme-reviewers
_______________________________________________
theme-reviewers mailing list
theme-reviewers at lists.wordpress.org
http://lists.wordpress.org/mailman/listinfo/theme-reviewers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20131009/109cb844/attachment.html>
More information about the theme-reviewers
mailing list