Section on escaping and sanitization functions
johnbillion opened this issue · 2 comments
johnbillion commented
There should be a section covering the escaping and sanitization functions that core provides for theme and plugin authors. Even if they're not covered in technical detail, their existence is an important part of the security of WordPress.
Escaping
esc_html()
esc_attr()
esc_url()
esc_textarea()
esc_js()
Sanitization
esc_url_raw()
sanitize_key()
sanitize_text_field()
sanitize_textarea_field()
...and probably others.
desrosj commented
@johnbillion Do you still feel this belongs here? This seems like something that's better suited for plugin/theme/core developer resource pages, which covers these topics pretty comprehensively.
- Sanitizing input (plugins)
- Securing output (plugins)
- Data Sanitization/Escaping (themes)
- WordPress/WordPress-Coding-Standards
These pages are fairly well maintained and updated as new functions are introduced/old ones are modified. Maybe we just link out to these resources with a brief summary?
johnbillion commented
Yeah let's link out to them instead