Hi friends, I need some help with escaping and sanitizing. My theme was soft-rejected and I have tried so many ways, but I couldn't solve this problem.
if ( ! function_exists( 'prefix_the_footer_widgets' ) ) {
    function prefix_the_footer_widgets() {
        $output         = '';
        $footer_columns = (int) get_theme_mod( 'footer_widget_columns', 3 );
        if ( $footer_columns > 0 ) {
            // Cast the result of the division, not just the 24, so the
            // column class is always a whole number (24 / 5 would give 4.8).
            $elm_footer_columns = (int) ( 24 / $footer_columns );
            // Turn on buffering to collect the widget markup.
            ob_start();
            for ( $i = 1; $i <= $footer_columns; $i++ ) {
                if ( is_active_sidebar( 'footer-widget-' . $i ) ) {
                    ?>
                    <div class="col-md-<?php echo esc_attr( $elm_footer_columns ); ?>">
                        <?php dynamic_sidebar( 'footer-widget-' . $i ); ?>
                    </div>
                    <?php
                }
            }
            $output .= ob_get_clean();
        }
        ?>
        <div class="footer-content">
            <div class="container">
                <div class="row">
                    <?php
                    // Filters the buffered widget markup through the post allow-list.
                    echo wp_kses_post( $output );
                    ?>
                </div>
            </div>
        </div><!-- footer-content -->
        <?php
    }
}
One of the rejection reasons: "All dynamic data must be correctly escaped for the context where it is rendered. Please perform a global search for “echo $” and you will see several issues. Ref: https://vip.wordpress.com/documentation/vip/best-practices/security/validating-sanitizing-escaping/"
I am using a Mailchimp plugin, so I mustn't use wp_kses_post, and I have HTML content, so I can't use esc_html. If I use wp_kses, it will be too long (so bad practice). Help me please.
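
The function from the post restructured so that no markup is collected in a variable and echoed later, as an added example that is not part of the original post: dynamic_sidebar() prints the widgets itself, so the only dynamic value the theme echoes is the column class. prefix_kses_with_forms() is a hypothetical helper for cases where markup must be held in a string, and its form/input attribute list is an assumed minimum.

```php
<?php
if ( ! function_exists( 'prefix_the_footer_widgets' ) ) {
	function prefix_the_footer_widgets() {
		$footer_columns = absint( get_theme_mod( 'footer_widget_columns', 3 ) );
		// Whole-number grid width per column; 0 columns renders an empty row.
		$col_width = $footer_columns > 0 ? (int) ( 24 / $footer_columns ) : 0;
		?>
		<div class="footer-content">
			<div class="container">
				<div class="row">
					<?php for ( $i = 1; $i <= $footer_columns; $i++ ) : ?>
						<?php if ( is_active_sidebar( 'footer-widget-' . $i ) ) : ?>
							<div class="col-md-<?php echo esc_attr( $col_width ); ?>">
								<?php
								// Widget output is echoed by dynamic_sidebar() directly.
								// Each widget (a plugin's form widget included) is
								// responsible for escaping its own markup, so nothing
								// here passes through wp_kses_post() and gets stripped.
								dynamic_sidebar( 'footer-widget-' . $i );
								?>
							</div>
						<?php endif; ?>
					<?php endfor; ?>
				</div>
			</div>
		</div><!-- footer-content -->
		<?php
	}
}

if ( ! function_exists( 'prefix_kses_with_forms' ) ) {
	// Hypothetical helper: when HTML really has to be built as a string,
	// extend the 'post' allow-list instead of writing a full one by hand.
	// Use it only on markup that trusted admins can edit.
	function prefix_kses_with_forms( $html ) {
		$common  = array( 'id' => true, 'class' => true, 'name' => true );
		$allowed = wp_kses_allowed_html( 'post' );

		$allowed['form']  = $common + array( 'action' => true, 'method' => true );
		$allowed['input'] = $common + array( 'type' => true, 'value' => true, 'placeholder' => true );

		return wp_kses( $html, $allowed );
	}
}
```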