Untrusted Data

  • #1539
    Crumina team
    Keymaster

    You should escape dynamically generated content in your Theme, especially content that is output to HTML attributes. As noted in WordPress Coding Standards, text that goes into attributes should be run through esc_attr() so that single or double quotes do not end the attribute value and invalidate the XHTML and cause a security issue. Common places to check are title, alt, and value attributes.

    #1540
    Crumina team
    Keymaster

    There are a few special template tags for common cases where safe output is needed. One such case involves outputting a post title to a title attribute using the_title_attribute() instead of the_title() to avoid a security vulnerability. Here’s an example of correct escaping for the title attribute of a post title link when using translatable text:
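
The attribute escaping described in posts #1539 and #1540, as an added example that is not part of the original posts or of any theme's own code. It assumes it runs inside The Loop of a theme template; the text domain 'my-theme' and the variable $alt_text are placeholders.

```php
<?php
/*
 * Added example: runs inside The Loop of a theme template.
 * 'my-theme' is a placeholder text domain.
 */

// UNSAFE: the_title() is not escaped for attribute context. A post title
// such as:  Say "hello"  ends the title attribute at the first double quote,
// and whatever follows is parsed as further markup on the <a> tag.
?>
<a href="<?php the_permalink(); ?>" title="<?php the_title(); ?>">
	<?php the_title(); ?>
</a>

<?php
// SAFE: every dynamic value is escaped for the context it lands in.
// - esc_url() for the href
// - esc_attr__() translates AND attribute-escapes the format string
// - the_title_attribute() strips tags and attribute-escapes the title;
//   'echo' => false makes it return the string instead of printing it
?>
<a href="<?php echo esc_url( get_permalink() ); ?>"
   title="<?php
	printf(
		/* translators: %s: post title */
		esc_attr__( 'Permanent Link to %s', 'my-theme' ),
		the_title_attribute( array( 'echo' => false ) )
	);
   ?>">
	<?php the_title(); ?>
</a>

<?php
// The same rule applies to the other attributes named above: alt and value.
// $alt_text is a hypothetical variable holding the featured image's alt text.
$alt_text = get_post_meta( get_post_thumbnail_id(), '_wp_attachment_image_alt', true );
?>
<img src="<?php echo esc_url( get_the_post_thumbnail_url() ); ?>"
     alt="<?php echo esc_attr( $alt_text ); ?>">

<?php // get_search_query( false ) returns the raw query, so escape it here. ?>
<input type="search" name="s"
       value="<?php echo esc_attr( get_search_query( false ) ); ?>">
```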

    #1541
    Crumina team
    Keymaster

    The Theme’s main navigation should support a custom menu with wp_nav_menu().
    Menus should support long link titles and a large amount of list items. These items should not break the design or layout.
    Submenu items should display correctly. If possible, support drop-down menu styles for submenu items. Drop-downs allow showing menu depth instead of just showing the top level.

    #1542
    Crumina team
    Keymaster

    The Theme’s main navigation should support a custom menu with wp_nav_menu().
    Menus should support long link titles and a large amount of list items. These items should not break the design or layout.
    Submenu items should display correctly. If possible, support drop-down menu styles for submenu items. Drop-downs allow showing menu depth instead of just showing the top level.
