I have some questions about escaping. These examples are the things which I couldn't get right.

Must I escape variables? If so, how can I do it? For example: `global $redux_demo;` in this code:

```
if ( class_exists( 'Redux' ) ) {
    global $redux_demo;
    if ( $redux_demo['button-set-single-archive-services'] == 2 ) {
        get_template_part( 'demo-archive-services' );
        die;
    }
}
```

Is this correct escaping?

```
<?php esc_html_e( 'Our Services', 'hekim' ); ?>
```

Do functions that start with `the` need escaping or not? For example: `<?php the_title(); ?>`

If I replace these functions with the functions that start with `get`, do they need escaping? Is there any difference in output between functions that start with `the` and functions that start with `get`?

Why doesn't this escaped function appear? After escaping this phrase, it doesn't appear. What is my mistake in escaping? What is the correct form?

```
<li><?php esc_html( '<a href="#"> HOME </a>' ); ?>xx</li>
```
asked May 20, 2020 at 7:57 by Faruk rıza
1 Answer
The point of escaping is to make sure that when a value is output, it cannot output anything malicious, or that would just break the markup of the page. For example, when outputting a variable, you will want to escape certain characters so that the value can't unintentionally open or close HTML tags, which could break the layout of your page, or even output a `<script></script>` element that could run malicious JavaScript.

WordPress VIP's documentation has a great overview of the concept, with examples: https://wpvip/documentation/vip-go/validating-sanitizing-and-escaping/

Regarding your specific examples:

> Must I escape variables? If so, how can I do it? For example: `global $redux_demo;` in this code:
>
> ```
> if ( class_exists( 'Redux' ) ) {
>     global $redux_demo;
>     if ( $redux_demo['button-set-single-archive-services'] == 2 ) {
>         get_template_part( 'demo-archive-services' );
>         die;
>     }
> }
> ```

No. Not all variables need to be escaped. Variables only need to be escaped when output. `$redux_demo` is not being output, so nothing here needs to be escaped.

> Is this correct escaping?
>
> ```
> <?php esc_html_e( 'Our Services', 'hekim' ); ?>
> ```

Yes. `_e()` is a function that allows the 'Our Services' string to be replaced by a translation. This means that you can't trust that the output of this line will always be safe. Therefore it needs to be escaped. `esc_html_e()` is a function that automatically escapes with `esc_html()`, after running `_e()` to allow the text to be translated.

> Do functions that start with `the` need escaping or not? For example: `<?php the_title(); ?>`
>
> If I replace these functions with the functions that start with `get`, do they need escaping? Is there any difference in output between functions that start with `the` and functions that start with `get`?

As a general rule, built-in functions that start with `the_` don't need to be escaped, but functions starting with `get_` do need to be escaped. For example, `the_permalink()` uses `esc_url()` to escape `get_the_permalink()` before outputting it.

> Why doesn't this escaped function appear? After escaping this phrase, it doesn't appear. What is my mistake in escaping? What is the correct form?
>
> ```
> <li><?php esc_html( '<a href="#"> HOME </a>' ); ?>xx</li>
> ```

The point of `esc_html()` is to prevent any HTML in the value from being interpreted as HTML. There is nothing in this example that needs to be escaped. If the link URL was a variable, that would need to be escaped.
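
An added example for the last item, not part of the original question or answer: `esc_html()` returns the escaped string rather than printing it, and when a link's URL or text is dynamic, each value is escaped for its own context. The `esc_html()` / `esc_url()` definitions are simplified stand-ins so the file runs outside WordPress, and `render_menu_item()` and the sample values are hypothetical.

```php
<?php
// Added example, not from the original thread.
// Simplified stand-ins so the file also runs outside WordPress; inside
// WordPress the real esc_html() / esc_url() are used instead.
if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
    }
}
if ( ! function_exists( 'esc_url' ) ) {
    function esc_url( $url ) {
        $url    = trim( (string) $url );
        $scheme = parse_url( $url, PHP_URL_SCHEME );
        // Assumption: only http/https and scheme-less (relative, "#") URLs pass.
        if ( false === $scheme || ( null !== $scheme
            && ! in_array( strtolower( $scheme ), array( 'http', 'https' ), true ) ) ) {
            return '';
        }
        return htmlspecialchars( $url, ENT_QUOTES, 'UTF-8' );
    }
}

// Hypothetical helper: static markup stays literal, and each dynamic value
// is escaped for the context it lands in (attribute URL vs. element text).
function render_menu_item( $url, $label ) {
    return '<li><a href="' . esc_url( $url ) . '">' . esc_html( $label ) . '</a></li>';
}

// 1. The line from the question: esc_html() returns a string and prints
//    nothing, so only "xx" would reach the page.
esc_html( '<a href="#"> HOME </a>' );

// 2. Echoing the return value prints the tags as visible text, not a link,
//    because the < > and " characters are converted to entities.
echo esc_html( '<a href="#"> HOME </a>' ), "\n";

// 3. Constructed sample values standing in for untrusted data.
$samples = array(
    array( '#', 'HOME' ),
    array( 'https://example.com/?a=1&b=2', 'News <script>alert(1)</script>' ),
    array( 'javascript:alert(1)', 'Bad scheme' ),
);
foreach ( $samples as $sample ) {
    echo render_menu_item( $sample[0], $sample[1] ), "\n";
}
```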