Question about escaping dynamic data

get_permalink and other WP functions are sanitized so you don’t need to worry about them, but you do need to sanitize anything else including theme options as you don’t know what the user will input.