Escape method should allow/default to WordPress sanitization functions.
samrap opened this issue · 0 comments
samrap commented
WordPress provides sanitization functions that theme developers rely on. We should allow these functions in the whitelist and default to esc_html. htmlspecialchars and urlencode will remain whitelisted.
See: https://codex.wordpress.org/Validating_Sanitizing_and_Escaping_User_Data#Escaping:_Securing_Output