[wp-hackers] esc_url() vs. esc_attr()

scribu scribu at gmail.com
Wed May 5 13:01:40 UTC 2010

Previous message: [wp-hackers] On overly-obscure passwords
Next message: [wp-hackers] esc_url() vs. esc_attr()
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Security question:

What is the difference between esc_url() and esc_attr() ?


In other words, which of the following is best?


echo '<a href="' .  esc_url($unsafe_url) . '">...

echo '<a href="' .  esc_attr($unsafe_url) . '">...

echo '<a href="' .  esc_attr(esc_url$unsafe_url)) . '">...


-- 
http://scribu.net

Previous message: [wp-hackers] On overly-obscure passwords
Next message: [wp-hackers] esc_url() vs. esc_attr()
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the wp-hackers mailing list