Always be escaping (your output)
Bonus points for sanitizing it when saving to the DB.
Current
<?php echo $options['amp_analytics_ga_ua']; ?>
<?php echo '"account":' . ' "' . $options["amp_analytics_ga_ua"] . '"' . "\n"; ?>
Proposed
<?php echo esc_attr( $options['amp_analytics_ga_ua'] ); ?>
<?php echo '"account":' . ' "' . esc_js( $options["amp_analytics_ga_ua"] ) . '"' . "\n"; ?>
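The "sanitizing it when saving to the DB" half of the post, as an added example that is not part of the original post or the plugin's code: an allow-list check on the tracking ID before it is stored, which complements the output escaping proposed above rather than replacing it. The option name `amp_options`, the group `amp_options_group`, the `example_` functions and the ID pattern are assumptions; only the `amp_analytics_ga_ua` key comes from the post.

```php
<?php
// Added example. 'amp_options' and 'amp_options_group' are hypothetical names.

/**
 * Allow-list validation for a Universal Analytics property ID.
 * Assumed format: "UA-" + account digits + "-" + property digits.
 * Anything else is stored as an empty string.
 */
function example_sanitize_ga_ua( $value ) {
    $value = strtoupper( trim( (string) $value ) );
    return preg_match( '/^UA-\d{4,10}-\d{1,4}$/', $value ) ? $value : '';
}

/**
 * Sanitize callback for the options array; WordPress calls it before the
 * value is written to the database. A real callback would also validate and
 * carry over the plugin's other keys; only the one from the post is shown.
 */
function example_sanitize_options( $input ) {
    $raw = ( is_array( $input ) && isset( $input['amp_analytics_ga_ua'] ) )
        ? $input['amp_analytics_ga_ua']
        : '';
    return array( 'amp_analytics_ga_ua' => example_sanitize_ga_ua( $raw ) );
}

if ( function_exists( 'add_action' ) ) {
    // Inside WordPress: attach the callback to the setting.
    add_action( 'admin_init', function () {
        register_setting(
            'amp_options_group',
            'amp_options',
            array( 'sanitize_callback' => 'example_sanitize_options' )
        );
    } );
} else {
    // Stand-alone run (php example.php) with constructed inputs.
    $samples = array( 'ua-12345-6', ' UA-1234567-12 ', 'UA-12345-6", "x": "', '' );
    foreach ( $samples as $sample ) {
        $saved = example_sanitize_options( array( 'amp_analytics_ga_ua' => $sample ) );
        var_dump( $saved['amp_analytics_ga_ua'] );
    }
}
```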