March 29, 2013 at 3:27 pm
#1538
Keymaster
You should escape dynamically generated content in your Theme, especially content that is output to HTML attributes. As noted in WordPress Coding Standards, text that goes into attributes should be run through esc_attr() so that single or double quotes do not end the attribute value and invalidate the XHTML and cause a security issue. Common places to check are title, alt, and value attributes.
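The point in the reply above, shown as an added example that is not part of the original post: the same `<img>` tag is rendered with and without `esc_attr()` on its `alt` and `title` values. The `render_thumbnail()` and `attribute_names()` helpers, the sample strings and the `esc_attr()` stand-in (used only when the file runs outside WordPress) are assumptions made for illustration.

```php
<?php
// Added example. Inside WordPress esc_attr() already exists; this simplified
// stand-in (an assumption, not WordPress's implementation) lets the file run alone.
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
    }
}

// Hypothetical template helper: builds an <img> tag from dynamic values.
// With $escape = false it reproduces the mistake the post warns about.
function render_thumbnail( $alt, $title, $escape ) {
    if ( $escape ) {
        $alt   = esc_attr( $alt );
        $title = esc_attr( $title );
    }
    return '<img src="thumb.png" alt="' . $alt . '" title="' . $title . '" />';
}

// Hypothetical check: list the name="value" pairs that appear in the markup,
// so an attribute that came from the data rather than the template stands out.
function attribute_names( $html ) {
    preg_match_all( '/\s([a-zA-Z-]+)="[^"]*"/', $html, $matches );
    return $matches[1];
}

// Constructed sample values containing quotes, as user-supplied text might.
$alt   = 'x" data-injected="1';
$title = 'Tom\'s "best" post';

// Render once without escaping and once with it, then compare the attributes.
foreach ( array( false, true ) as $escape ) {
    $html = render_thumbnail( $alt, $title, $escape );
    echo ( $escape ? 'escaped:   ' : 'unescaped: ' ) . $html . "\n";
    echo '  attributes: ' . implode( ', ', attribute_names( $html ) ) . "\n";
}
```

In a real theme the `src` value would also be escaped, with `esc_url()`; it is a fixed literal here to keep the example focused on attribute text.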