Data Sanitization and Validation in themeforest themes

ravishakya · 2016-06-15 17:38:23 UTC

I am creating a theme for themeforest. Just wanted to ask, as in the guidelines

For input:
wp_filter_nohtml_kses()
wp_filter_kses()
wp_kses()

For output:
esc_attr()
esc_html()
esc_js()
esc_textarea()
esc_url()

Can i just use sanitize_text_field() for both input and output in themeforest theme ??
Can i use _e() or __() functions ??

smeku · 2016-06-15 20:18:59 UTC

All dynamic data must be correctly escaped for the context where it is rendered. - All dynamic data must be escaped with esc_attr() before rendered in an html attribute. - Whenever you are rendering a url to the screen its value must be passed through esc_url() first. - If dynamic data is rendered inside an attribute that triggers a JavaScript event, it must be escaped with esc_js(). Please make sure you read these articles: https://make.wordpress.org/themes/tags/writing-secure-themes/
http://codex.wordpress.org/Data_Validation http://developer.wordpress.com/themes/escaping/ http://code.tutsplus.com/articles/data-sanitization-and-validation-with-wordpress--wp-25536 https://vip.wordpress.com/documentation/best-practices/security/validating-sanitizing-escaping/

Regards
Lukasz