Question about esc_url

wordpress

#1

My new theme got rejected from a coding perspective. They say all URLs must be escaped.

I’m wondering if a pound character as the URL needs to be escaped using esc_url()

For example:

href="#"

Is it required to be changed to: href="<?php echo esc_url('#') ?>"

Thanks for your help!


#2

https://codex.wordpress.org/Function_Reference/esc_url


#3

No it’s not. You must escape all the DYNAMIC data which means entered/written by the user via theme customizer for example. STATIC data is harmless which entered/written by you. But, just in case, you can do it for every url to make it guaranted.


#4

If you’re interested in, I could offer service to check and fix the theme issue for the problem.
In this case, if you’re interested in, you can contact me through gmail(at)moskvayigit.com

Best,

Yigit


#5

Ok great, thanks. That’s what I thought, but the reviewers seem to be super strict and wanted to make sure before I spent lots of time on this. (I have lots of URLs with address of “#”) :slight_smile: