Escaping HTML and attributes in arguments passed to a function
-
Hello,
I am confused as to whether it is necessary to escape HTML and HTML attributes in arguments passed to a function. For example, is it necessary to use esc_html() and esc_attr(), like in the code below, when the arguments relate to HTML tags and attributes? Thanks!<?php $args = array( 'theme_location' => 'mobile-nav', 'container' => esc_html( 'nav' ), 'container_id' => esc_attr( 'mobile-nav' ), 'container_class' => esc_attr( 'mobile-nav' ), 'menu_class' => esc_attr( 'header-menu' ), ); wp_nav_menu( $args ); ?>
Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
- The topic ‘Escaping HTML and attributes in arguments passed to a function’ is closed to new replies.