Sanitization, escaping, and validation have become a regular part of my WordPress theme development within the last year. If those words confuse you, don’t worry, I’ve got another draft in my dashboard waiting to be finished. Eventually.

But for those of you who do have a general idea of what these terms mean, perhaps you’ve faced the same nagging questions I had when it came to escaping WordPress template functions. At first, I was just applying escape functions mechanically; while not truly understanding what it was that I was doing, I knew that it was a best practice. Just like with WordPress hooks, over time, my understanding became less fuzzy, but until these nagging questions could be answered, I couldn’t feel confident that I was escaping correctly.

Which WordPress template functions should be escaped? Which functions already have this built into core? By template functions, I mean functions that are regularly used throughout theme development to call content from the dashboard, like the_title(), the_permalink(), and the_excerpt(), to name a few. This becomes harder to figure out if, like me, you hadn’t truly dived into WordPress’ mysterious core