This topic contains 3 replies, has 1 voice, and was last updated by  Ваш Банкир 4 years, 7 months ago.

  • #1539

    You should escape dynamically generated content in your Theme, especially content that is output to HTML attributes. As noted in WordPress Coding Standards, text that goes into attributes should be run through esc_attr() so that single or double quotes do not end the attribute value and invalidate the XHTML and cause a security issue. Common places to check are title, alt, and value attributes.

    #1540

    There are few special template tags for common cases where safe output is needed. One such case involves outputting a post title to a title attribute using the_title_attribute() instead of the_title() to avoid a security vulnerability. Here’s an example of correct escaping for the title attribute of a post title link when using translatable text:
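
The two posts above, as an added example that is not part of the original thread and not WordPress project code: a helper that escapes each value for the context it lands in, next to the unsafe form. It assumes WordPress is loaded and the code runs inside The Loop; `mytheme_title_link()`, `mytheme_title_link_unsafe()` and the `mytheme` text domain are hypothetical names.

```php
<?php
// Added example. Assumes WordPress is loaded and the code runs inside The Loop.
// mytheme_title_link*() and the 'mytheme' text domain are hypothetical names.

/**
 * Build a permalink anchor for the current post, escaping each value
 * for the context it is written into.
 */
function mytheme_title_link() {
    // the_title_attribute() strips tags and escapes the title for attribute
    // use; 'echo' => false returns the string instead of printing it.
    $title_attr = the_title_attribute( array( 'echo' => false ) );

    // Translate first, then escape the finished string, so quotes coming
    // from a translation file are covered as well.
    $tooltip = esc_attr( sprintf(
        /* translators: %s: post title */
        __( 'Permalink to %s', 'mytheme' ),
        $title_attr
    ) );

    return sprintf(
        '<a href="%1$s" title="%2$s" rel="bookmark">%3$s</a>',
        esc_url( get_permalink() ), // URL context
        $tooltip,                   // attribute context
        get_the_title()             // element content; titles may carry markup
    );
}

/**
 * Unsafe variant, kept for comparison. get_the_title() is meant for element
 * content, not attributes: markup or a double quote in the title can close
 * title="..." early, and the rest is then parsed as further attributes.
 */
function mytheme_title_link_unsafe() {
    return '<a href="' . get_permalink() . '" title="' . get_the_title() . '">'
        . get_the_title() . '</a>';
}
```

To compare the two, give a test post a title containing a double quote and an HTML tag, echo both helpers in a template, and view the page source.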

    #1541

    The Theme’s main navigation should support a custom menu with wp_nav_menu().
    Menus should support long link titles and a large amount of list items. These items should not break the design or layout.
    Submenu items should display correctly. If possible, support drop-down menu styles for submenu items. Drop-downs allow showing menu depth instead of just showing the top level.

