Hi, I have two questions:
1.I recently had soft rejection and one of the reason was: “All dynamic data must be correctly escaped for the context where it is rendered”.
I escaped all translatable strings, get_meta_fields but I wonder if I also have to escape “theme options” when they are echo’ed?
- “Always use esc_url when sanitizing URLs, including WordPress related”. What about get_permalink(), etc?