Question about esc_url

My new theme got rejected from a coding perspective. They say all URLs must be escaped.

I’m wondering if a pound character as the URL needs to be escaped using esc_url().

For example:

href="#"

Is it required to be changed to: href="<?php echo esc_url('#') ?>"

Thanks for your help!

https://codex.wordpress.org/Function_Reference/esc_url

No, it’s not. You must escape all the DYNAMIC data, which means data entered/written by the user, via the theme customizer for example. STATIC data, which is entered/written by you, is harmless. But, just in case, you can do it for every URL to make it guaranteed.


If you’re interested, I could offer a service to check and fix the theme issue.
In that case, you can contact me through gmail(at)moskvayigit.com

Best,

Yigit
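An added example, not part of the thread or of any reviewed theme: the static/dynamic distinction from the answer above, shown for a link whose target comes from the theme customizer. The `mytheme` prefix, the `mytheme_cta_url` setting and the `mytheme_links` section are hypothetical names; the code assumes it runs inside a WordPress theme.

```php
<?php
// functions.php (hypothetical theme "mytheme")

// Register a customizer setting that stores a user-supplied URL.
// esc_url_raw() cleans the value before it is saved to the database.
function mytheme_customize_register( $wp_customize ) {
    $wp_customize->add_section( 'mytheme_links', array(
        'title' => __( 'Links', 'mytheme' ),
    ) );

    $wp_customize->add_setting( 'mytheme_cta_url', array(
        'default'           => '#',
        'sanitize_callback' => 'esc_url_raw',
    ) );

    $wp_customize->add_control( 'mytheme_cta_url', array(
        'label'   => __( 'Button URL', 'mytheme' ),
        'section' => 'mytheme_links',
        'type'    => 'url',
    ) );
}
add_action( 'customize_register', 'mytheme_customize_register' );

// Template tag: print one static link and one dynamic link.
function mytheme_cta_links() {
    // STATIC: the author typed this literal, so it cannot carry user input.
    echo '<a class="top" href="#">' . esc_html__( 'Back to top', 'mytheme' ) . '</a>';

    // DYNAMIC: the value comes from the database, so escape it on output
    // even though it was already sanitized when it was saved.
    $url = get_theme_mod( 'mytheme_cta_url', '#' );
    printf(
        '<a class="button" href="%s">%s</a>',
        esc_url( $url ),
        esc_html__( 'Read more', 'mytheme' )
    );
}
```

With the default value of `#`, esc_url() passes the fragment through unchanged, while a saved value using a scheme outside WordPress's allowed protocols (such as `javascript:`) comes back as an empty string.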

Ok great, thanks. That’s what I thought, but the reviewers seem to be super strict and wanted to make sure before I spent lots of time on this. (I have lots of URLs with address of “#”) :)