Anyone know Themeforest’s standpoint on escaping wordpress functions?
Should we be doing
echo esc_url( get_the_permalink
Seems overkill when the the_permalink
function clearly escapes on echo
https://developer.wordpress.org/reference/functions/the_permalink/
I ask because one of my soft messages was escape all urls even wordpress.
Wordpress.org allow the_permalink
but will themeforest reject for it?
Same goes for bloginfo - the output is escaped see: