escaping the_permalink



Anyone know ThemeForest’s standpoint on escaping WordPress functions?

Should we be doing

echo esc_url( get_the_permalink() );

Seems overkill when the the_permalink function clearly escapes on echo.

I ask because one of my soft messages was to escape all URLs, even WordPress ones. Allow the_permalink, but will ThemeForest reject for it?

Same goes for bloginfo - the output is escaped see:


I think get_the_permalink() function isn’t escaped, so you need to escape.
For the bloginfo() function, output is escaped, but via filters. So that means the esc_html filter can be easily removed, and thus the output doesn’t get escaped. So you need to escape too, to be on the safer side.
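
To illustrate the last reply's point about escaping that is attached through a filter, here is an added example (not from the thread and not WordPress core code): a simplified stand-alone PHP model of a filter registry. The `model_*` function names are hypothetical, `htmlspecialchars()` stands in for `esc_html()`, and the site name is a constructed sample value.

```php
<?php
// Simplified stand-in for a WordPress-style filter registry (assumption:
// a model for illustration, not core code).
$filters = [];

function model_add_filter(string $hook, callable $cb): void {
    global $filters;
    $filters[$hook][] = $cb;
}

function model_remove_filter(string $hook, callable $cb): void {
    global $filters;
    $filters[$hook] = array_values(array_filter(
        $filters[$hook] ?? [],
        fn($registered) => $registered !== $cb
    ));
}

function model_apply_filters(string $hook, string $value): string {
    global $filters;
    foreach ($filters[$hook] ?? [] as $cb) {
        $value = $cb($value);
    }
    return $value;
}

// Stand-in for esc_html(): encodes HTML special characters.
function model_esc_html(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// bloginfo()-style output: escaped only while the filter stays attached.
function model_bloginfo(string $stored): string {
    return model_apply_filters('bloginfo', $stored);
}

// Constructed sample value containing markup, as it might be stored.
$site_name = 'Acme <b>Shop</b> & Co';

model_add_filter('bloginfo', 'model_esc_html');    // default state
echo model_bloginfo($site_name), "\n";             // markup is encoded

model_remove_filter('bloginfo', 'model_esc_html'); // a plugin unhooks it
echo model_bloginfo($site_name), "\n";             // raw markup is output

// Escaping at the point of output does not depend on the filter list.
echo model_esc_html($site_name), "\n";             // markup is encoded
```

In a theme template the same idea is to wrap returned values at the point of output, as in the `echo esc_url( get_the_permalink() );` line from the question.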