I am creating a theme for ThemeForest. Just wanted to ask, as in the guidelines:
For input:
wp_filter_nohtml_kses()
wp_filter_kses()
wp_kses()
For output:
esc_attr()
esc_html()
esc_js()
esc_textarea()
esc_url()
- Can I just use sanitize_text_field() for both input and output in a ThemeForest theme?
- Can I use the _e() or __() functions?
smeku
2
All dynamic data must be correctly escaped for the context where it is rendered.
- All dynamic data must be escaped with esc_attr() before being rendered in an HTML attribute.
- Whenever you are rendering a URL to the screen, its value must be passed through esc_url() first.
- If dynamic data is rendered inside an attribute that triggers a JavaScript event, it must be escaped with esc_js().
Please make sure you read these articles:
- Writing secure themes – Make WordPress Themes
- Data Validation « WordPress Codex
- Escaping – WordPress.com Developer Resources
- Data Sanitization and Validation With WordPress | Envato Tuts+
- https://vip.wordpress.com/documentation/best-practices/security/validating-sanitizing-escaping/
Regards
Lukasz 
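
Added example, not part of the thread or of either poster's code: a theme snippet that sanitizes two Customizer values on input and then escapes them per output context with the functions named above, including the escaping variants of the translation functions. The `mytheme` text domain, the `mytheme_cta_*` setting names and the `mythemeTrack()` JavaScript function are assumptions made up for illustration.

```php
<?php
// INPUT: sanitize when the value is saved (Customizer sanitize callbacks).
// Setting names and the "mytheme" text domain are hypothetical.
function mytheme_customize_register( $wp_customize ) {
	$fields = array(
		'mytheme_cta_label' => 'sanitize_text_field', // plain text, tags stripped
		'mytheme_cta_url'   => 'esc_url_raw',         // URL cleaned for storage
	);
	foreach ( $fields as $id => $sanitize_callback ) {
		$wp_customize->add_setting( $id, array(
			'default'           => '',
			'sanitize_callback' => $sanitize_callback,
		) );
		$wp_customize->add_control( $id, array(
			'label'   => $id,
			'section' => 'title_tagline', // core "Site Identity" section
			'type'    => 'text',
		) );
	}
}
add_action( 'customize_register', 'mytheme_customize_register' );

// OUTPUT: escape late, with the function that matches each context.
// Stored values are still treated as untrusted when they are printed.
function mytheme_render_cta() {
	$label = get_theme_mod( 'mytheme_cta_label', '' );
	$url   = get_theme_mod( 'mytheme_cta_url', '' );
	if ( '' === $label || '' === $url ) {
		return; // nothing configured, print nothing
	}
	?>
	<a class="cta"
	   href="<?php echo esc_url( $url ); ?>"
	   title="<?php echo esc_attr( $label ); ?>"
	   onclick="mythemeTrack('<?php echo esc_js( $label ); ?>');">
		<?php echo esc_html( $label ); ?>
	</a>
	<?php // Translated strings are escaped too: esc_html_e() / esc_attr__(). ?>
	<p class="cta-note"><?php esc_html_e( 'Opens in the same window.', 'mytheme' ); ?></p>
	<input type="submit" value="<?php echo esc_attr__( 'Go', 'mytheme' ); ?>">
	<?php
}
```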