Security-White-Paper icon indicating copy to clipboard operation
Security-White-Paper copied to clipboard
verified publisher icon WordPress

Section on escaping and sanitization functions

Open johnbillion opened this issue 8 years ago • 2 comments

There should be a section covering the escaping and sanitization functions that core provides for theme and plugin authors. Even if they're not covered in technical detail, their existence is an important part of the security of WordPress.

Escaping

  • esc_html()
  • esc_attr()
  • esc_url()
  • esc_textarea()
  • esc_js()

Sanitization

  • esc_url_raw()
  • sanitize_key()
  • sanitize_text_field()
  • sanitize_textarea_field() ...and probably others.

johnbillion avatar Mar 07 '17 23:03 johnbillion

@johnbillion Do you still feel this belongs here? This seems like something that's better suited for plugin/theme/core developer resource pages, which covers these topics pretty comprehensively.

These pages are fairly well maintained and updated as new functions are introduced/old ones are modified. Maybe we just link out to these resources with a brief summary?

desrosj avatar Sep 28 '22 14:09 desrosj

Yeah let's link out to them instead

johnbillion avatar Sep 28 '22 14:09 johnbillion