felixarntz / attachment-taxonomies

This plugin adds categories and tags to the WordPress media library - lightweight and developer-friendly.
https://wordpress.org/plugins/attachment-taxonomies/
GNU General Public License v3.0

Add escaping. #6

Closed tareiking closed 8 years ago

tareiking commented 8 years ago

Add late escaping as per: https://codex.wordpress.org/Validating_Sanitizing_and_Escaping_User_Data

felixarntz commented 8 years ago

Thanks for this @tareiking! Do you think escaping is necessary in all these cases? Some of the outputted data is not user-based at all or should be safe before already - for example in the CSS part you changed, these values are already integers, so nothing to possibly escape there, or am I missing something?

tareiking commented 8 years ago

Hi @felixarntz - I did see they were already cast accordingly, however - best to escape as late as possible (which is as it's being output / echoed): WordPress Coding Standards would probably enforce those examples.

While it might not be absolutely necessary now, things might change - and at least your bases are covered.
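The point made in the thread, shown as an added illustration that is not code from the plugin: a hypothetical helper that prints an inline width style for a media-library column. The width starts out as an integer, yet escaping it again where it is echoed keeps the output line safe even if the code above it later changes. The function names and the `at_example_width` filter are invented for this example.

```php
<?php
/**
 * Early cast only. Safe today, but the guarantee lives several lines away
 * from the echo, so a later change to how $width is derived (a filter, a
 * setting read from the database) can silently remove it.
 */
function at_example_early_cast_only( $width, $label ) {
	$width = (int) $width;
	// A later refactor might insert here:
	// $width = apply_filters( 'at_example_width', $width ); // may return a string
	echo '<div class="at-column" style="width: ' . $width . 'px;">';
	echo $label; // user-supplied label, output unescaped
	echo '</div>';
}

/**
 * Late escaping. Each value is escaped at the point of output with the
 * WordPress helper that matches its context, so the echo lines are
 * self-evidently safe regardless of what happens above them.
 */
function at_example_late_escaping( $width, $label ) {
	$width = (int) $width;
	// Hypothetical filter: third-party code may return anything here.
	$width = apply_filters( 'at_example_width', $width );

	// absint() for a numeric CSS value, esc_html() for text content.
	echo '<div class="at-column" style="width: ' . absint( $width ) . 'px;">';
	echo esc_html( $label );
	echo '</div>';
}
```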