[theme-reviewers] Sanitizing Output

Rohit Tripathi rohitink at live.com
Tue Oct 8 20:20:08 UTC 2013


Thanks Chip. :)

Date: Tue, 8 Oct 2013 16:18:09 -0400
From: chip at chipbennett.net
To: theme-reviewers at lists.wordpress.org
Subject: Re: [theme-reviewers] Sanitizing Output

The general rule is: sanitize on input, escape on output.

On Tue, Oct 8, 2013 at 4:00 PM, Rohit Tripathi <rohitink at live.com> wrote:




Yes, I have escaped all the URLs. That's done.

But, a feature in my theme allows the user to enter JavaScript or HTML through the theme options panel, which is sanitized on input. So, I hope I don't have to sanitize it on the output. Because, if I use functions like esc_html or esc_js on them, then the whole point of letting theme enter JS/HTML is lost. So, if I have to sanitize them on output, how do I do that?

Thanks.

Date: Tue, 8 Oct 2013 21:57:44 +0200
From: grapplerulrich at gmail.com
To: theme-reviewers at lists.wordpress.org
Subject: Re: [theme-reviewers] Sanitizing Output

No, but it is good to escape it. 
On 8 Oct 2013 21:54, "Rohit Tripathi" <rohitink at live.com> wrote:




Hello.
I am using Options Framework with my theme. I have properly sanitized all input using all the necessary functions including wp_kses.
Is it necessary to sanitize it on the output?

 		 	   		  

_______________________________________________

theme-reviewers mailing list

theme-reviewers at lists.wordpress.org

http://lists.wordpress.org/mailman/listinfo/theme-reviewers
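
The rule stated in the thread ("sanitize on input, escape on output"), as an added example that is not part of the original messages or of Options Framework's own code. It shows a theme option that is meant to hold HTML being filtered with `wp_kses_post()` both when saved and when printed, next to plain-text and URL options that use `esc_html()` and `esc_url()`. The option name `mytheme_options`, its keys and the `mytheme_*` functions are hypothetical; the code assumes WordPress loads it from a theme's functions.php, and `wp_kses_post()` does not allow `<script>`, so it covers the HTML case only.

```php
<?php
// Hypothetical theme code (names starting with mytheme_ are made up for this
// example). Assumes WordPress has loaded this file, e.g. as functions.php.

// Sanitize on input: runs every time the option is saved.
function mytheme_sanitize_options( $input ) {
	$input = is_array( $input ) ? $input : array();
	$clean = array();

	// Plain text: all tags are stripped before storage.
	$clean['tagline'] = isset( $input['tagline'] )
		? sanitize_text_field( $input['tagline'] ) : '';

	// URL: stored in raw (unencoded) form, limited to allowed protocols.
	$clean['logo_url'] = isset( $input['logo_url'] )
		? esc_url_raw( $input['logo_url'] ) : '';

	// HTML field: keep only the tags and attributes allowed in post content.
	$clean['footer_html'] = isset( $input['footer_html'] )
		? wp_kses_post( $input['footer_html'] ) : '';

	return $clean;
}

function mytheme_register_settings() {
	register_setting( 'mytheme_options_group', 'mytheme_options', 'mytheme_sanitize_options' );
}
add_action( 'admin_init', 'mytheme_register_settings' );

// Escape on output: each value is escaped for the context it is printed in,
// even though it was sanitized when saved. The stored value may have been
// written by other code or edited directly in the database.
function mytheme_footer() {
	$defaults = array( 'tagline' => '', 'logo_url' => '', 'footer_html' => '' );
	$o        = wp_parse_args( get_option( 'mytheme_options', array() ), $defaults );

	// Text node: esc_html() encodes <, >, & and quotes.
	echo '<p class="tagline">' . esc_html( $o['tagline'] ) . '</p>';

	// Attribute holding a URL: esc_url() encodes and rejects bad protocols.
	if ( '' !== $o['logo_url'] ) {
		echo '<img src="' . esc_url( $o['logo_url'] ) . '" alt="" />';
	}

	// HTML that must stay HTML: filter with kses instead of esc_html(),
	// so allowed markup survives and everything else is removed.
	echo wp_kses_post( $o['footer_html'] );
}
add_action( 'wp_footer', 'mytheme_footer' );
```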



