WordPress Plugin Security: Sanitizing Output

Sanitizing output for plugin security is the process of stripping unwanted data from anything that will be rendered to users. The unwanted data can be incorrect HTML or script tags. This process is usually called escaping data. Escaping data can help prevent Cross-Site Scripting (XSS).

For the most common scenarios, these functions can help secure WordPress:

  • esc_html()
  • esc_url()
  • esc_js()
  • esc_attr()
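Each of these functions is meant for one output context. The following is an added example, not code from the Plugin Handbook or from any real plugin: a small plugin that renders a card through a shortcode and escapes each value for the place it lands. The plugin name, the `escdemo_` function names, the `[escdemo_card]` shortcode and the sample values are all hypothetical.

```php
<?php
/**
 * Plugin Name: Escaping Demo (hypothetical example plugin)
 */

defined( 'ABSPATH' ) || exit; // Only run inside WordPress.

// Constructed sample input standing in for untrusted data
// (for example user meta or a submitted form field).
function escdemo_sample_profile() {
    return array(
        'name'    => 'Ann <script>alert(1)</script>',
        'title'   => 'Lead" onmouseover="alert(1)',
        'website' => 'javascript:alert(1)',
        'note'    => "It's done; alert(1); //",
    );
}

// Render the card. Escaping happens at output time, one function per context.
function escdemo_render_card() {
    $p = escdemo_sample_profile();

    ob_start();
    ?>
    <div class="escdemo-card" title="<?php echo esc_attr( $p['title'] ); /* attribute value: quotes are encoded, so the value cannot close the attribute */ ?>">
        <h3><?php echo esc_html( $p['name'] ); /* element content: < and > are encoded, so the tag shows as text */ ?></h3>
        <a href="<?php echo esc_url( $p['website'] ); /* URL: a protocol that is not on the allowed list yields an empty string */ ?>">Website</a>
        <button type="button" onclick="alert('<?php echo esc_js( $p['note'] ); /* inline JS string: the single quote is escaped */ ?>');">Show note</button>
    </div>
    <?php
    return ob_get_clean();
}
add_shortcode( 'escdemo_card', 'escdemo_render_card' );
```

Swapping the functions between contexts is the usual mistake: `esc_html()` does not validate the protocol in an `href`, which is what `esc_url()` is for.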

 

References:

WordPress Plugin Handbook: Securing Output
