[wp-hackers] Re: 2.0.10 and 2.1.3 Release Candidates
Alex King
lists at alexking.org
Sat Mar 17 14:06:04 GMT 2007
I'd recommend an additional refactoring to introduce a single
'wp_escape' function, or similar. The function would accept 2
parameters, the string and the type of usage (js, attribute, url,
etc.). Both params would be required with no default values to force
people to use/set the right one.
It's not uncommon for folks to look through the source for a function
they need and find/use the wrong one because it's the first the run
across. A single function would help alleviate that. Of course we'd
have to deprecate the old ones over time.
I'd be willing to cook up a patch for this if it would be accepted.
Cheers,
--Alex
Personal http://alexking.org
Business http://kingdesign.net
On Mar 17, 2007, at 2:58 AM, Ryan Boren wrote:
>
> When you review the code, keep in mind how our various sanitizer
> functions should be used. js_escape() is used to sanitize JS code
> that goes into onclick, etc. clean_url() sanitizes content that goes
> into an href, src, or redirect. attribute_escape() escapes content
> going into an attribute.
More information about the wp-hackers
mailing list