WordPress/Security-White-Paper

Section on escaping and sanitization functions

johnbillion opened this issue · 2 comments

There should be a section covering the escaping and sanitization functions that core provides for theme and plugin authors. Even if they're not covered in technical detail, their existence is an important part of the security of WordPress.

Escaping

  • esc_html()
  • esc_attr()
  • esc_url()
  • esc_textarea()
  • esc_js()

Sanitization

  • esc_url_raw()
  • sanitize_key()
  • sanitize_text_field()
  • sanitize_textarea_field()
    ...and probably others.

@johnbillion Do you still feel this belongs here? This seems like something that's better suited for plugin/theme/core developer resource pages, which covers these topics pretty comprehensively.

These pages are fairly well maintained and updated as new functions are introduced/old ones are modified. Maybe we just link out to these resources with a brief summary?

Yeah let's link out to them instead