[wp-hackers] Re: 2.0.10 and 2.1.3 Release Candidates

Alex King lists at alexking.org
Sat Mar 17 14:06:04 GMT 2007


I'd recommend an additional refactoring to introduce a single  
'wp_escape' function, or similar. The function would accept 2  
parameters, the string and the type of usage (js, attribute, url,  
etc.). Both params would be required with no default values to force  
people to use/set the right one.

It's not uncommon for folks to look through the source for a function  
they need and find/use the wrong one because it's the first they run  
across. A single function would help alleviate that. Of course we'd  
have to deprecate the old ones over time.

I'd be willing to cook up a patch for this if it would be accepted.

Cheers,
--Alex

Personal   http://alexking.org
Business   http://kingdesign.net


On Mar 17, 2007, at 2:58 AM, Ryan Boren wrote:

>
> When you review the code, keep in mind how our various sanitizer
> functions should be used.  js_escape() is used to sanitize JS code
> that goes into onclick, etc.  clean_url() sanitizes content that goes
> into an href, src, or redirect.  attribute_escape() escapes content
> going into an attribute.
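
As an added example (not part of the original message and not WordPress code), one way the proposed two-parameter function could dispatch on context, covering the three uses Ryan lists. The name `example_escape`, the context strings and the URL scheme allowlist are assumptions.

```php
<?php
// Added illustration, not WordPress code; example_escape() is a hypothetical name.

/**
 * Escape $string for a single output context. Both parameters are required
 * and an unknown context throws, so there is no default to fall back on.
 */
function example_escape(string $string, string $context): string
{
    switch ($context) {
        case 'attribute':
            // Value inside a quoted HTML attribute.
            return htmlspecialchars($string, ENT_QUOTES, 'UTF-8');

        case 'js':
            // Body of a quoted JS string literal inside an event-handler
            // attribute. The JSON_HEX_* flags turn < > & ' " into \uXXXX.
            $json = json_encode($string, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
            if ($json === false) {
                throw new InvalidArgumentException('String is not valid UTF-8');
            }
            return substr($json, 1, -1); // drop the surrounding double quotes

        case 'url':
            // Value for href/src. The scheme allowlist is an assumption.
            $url = preg_replace('/[\x00-\x1F\x7F]/', '', trim($string));
            if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m)
                && !in_array(strtolower($m[1]), ['http', 'https', 'mailto'], true)) {
                return ''; // refuse schemes such as javascript:
            }
            return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');

        default:
            throw new InvalidArgumentException("Unknown escape context: $context");
    }
}

// Constructed sample input, one value pushed through each context.
$input = "x' onmouseover=\"alert(1)\" <b>";
echo '<input value="' . example_escape($input, 'attribute') . '">', "\n";
echo '<a onclick="track(\'' . example_escape($input, 'js') . '\')">go</a>', "\n";
echo '<a href="' . example_escape('javascript:alert(1)', 'url') . '">link</a>', "\n";
echo '<a href="' . example_escape('https://example.org/?a=1&b=2', 'url') . '">link</a>', "\n";
```

Because the context argument has no default, a call that omits it fails with an ArgumentCountError instead of silently applying the wrong escaping.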

