Data Sanitization and Validation in themeforest themes

ravishakya · June 15, 2016, 5:38pm

I am creating a theme for themeforest. Just wanted to ask, as in the guidelines

For input:
wp_filter_nohtml_kses()
wp_filter_kses()
wp_kses()

For output:
esc_attr()
esc_html()
esc_js()
esc_textarea()
esc_url()

Can i just use sanitize_text_field() for both input and output in themeforest theme ??
Can i use _e() or __() functions ??

smeku · June 15, 2016, 8:18pm

All dynamic data must be correctly escaped for the context where it is rendered. - All dynamic data must be escaped with esc_attr() before rendered in an html attribute. - Whenever you are rendering a url to the screen its value must be passed through esc_url() first. - If dynamic data is rendered inside an attribute that triggers a JavaScript event, it must be escaped with esc_js(). Please make sure you read these articles: writing secure themes – Make WordPress Themes
Data Validation « WordPress Codex Escaping – WordPress.com Developer Resources Data Sanitization and Validation With WordPress | Envato Tuts+ https://vip.wordpress.com/documentation/best-practices/security/validating-sanitizing-escaping/

Regards
Lukasz

Topic		Replies	Views
Data Validation issues Theme Authors wordpress , item-feedback	7	1670	March 24, 2017
WordPress Theme Soft-Rejected Theme Authors wordpress , item-feedback	13	993	October 14, 2016
Dynamic Custom Code Escaping Theme Authors wordpress , themeforest	3	477	November 24, 2017
How allow some html tags? Theme Authors	2	551	November 7, 2016
using wp_kses for output Theme Authors wordpress	8	3737	November 3, 2019