• Hi, I am learning WordPress plugin development and I tried to upload a plugin that I made to the WordPress plugin directory. I got a mail from the WordPress plugin review team that contains lots of fixes for my plugin, including “Variables and options must be escaped when echo’d”.

    I don’t understand what the message is for. I have fixed this in two different ways. Can anyone help me choose the correct fix?

    <div class="'.esc_attr( "kmf-cpr-field ip" ).'"> 
    <p>'.esc_html("Is Public").'</p>
    <input type="'.esc_attr( "checkbox" ).'" id="'.esc_attr( "ip" ).'" name="'.esc_attr($this->meta_slug_og.'[ip]').'" '.esc_attr($this->get_the_saved_value(get_the_ID(),$this->meta_slug_og,'select','ip')).'></div>



    And another one is:


    <input type="checkbox" id="editor" name="'.esc_attr($this->meta_slug_og.'[supports][]').'" value="editor" '.esc_attr($this->get_the_saved_value(get_the_ID(),$this->meta_slug_og,'multi_select','supports','editor')).'>
    
    <label for="editor">'.esc_html('Editor').'</label>

    It would be kind if anyone could help me with this.

Viewing 1 replies (of 1 total)
  • Moderator bcworkz

    (@bcworkz)

    There is an article about escaping output here. You don’t really need to escape static strings, but no harm in doing so anyway, other than some minuscule performance hit.

    What you posted here looks OK to me, but I’m not the plugin review team. It could be you’ve other code somewhere that needs escaping? If you cannot determine where yourself, ask the review team for more specific direction about where they are seeing a security issue.
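
Added example (not part of the original thread, and not the poster's or the review team's code): the checkbox from the question with static markup left literal, every dynamic value escaped inside the output call itself, and `checked()` producing the attribute. The function `kmf_example_render_checkbox`, its parameters and the sample values are hypothetical; the `function_exists` stand-ins only let the file run outside WordPress.

```php
<?php
// Stand-ins so this file also runs with plain `php` outside WordPress.
// Inside WordPress the real esc_attr(), esc_html() and checked() are used.
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
    }
    function esc_html( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
    }
    function checked( $checked, $current = true, $display = true ) {
        $result = ( (string) $checked === (string) $current ) ? " checked='checked'" : '';
        if ( $display ) {
            echo $result;
        }
        return $result;
    }
}

/**
 * Hypothetical helper: prints one checkbox of a meta box.
 *
 * @param string $meta_slug Meta key used as the field name prefix (assumed).
 * @param string $key       Field key, also used as the element id.
 * @param string $label     Human-readable label.
 * @param array  $saved     Values previously read from post meta (assumed shape).
 */
function kmf_example_render_checkbox( $meta_slug, $key, $label, $saved ) {
    // Build raw values first; escape only at the moment of output ("late escaping").
    $name = $meta_slug . '[' . $key . ']';

    printf(
        '<div class="kmf-cpr-field %1$s"><p>%2$s</p>'
        . '<input type="checkbox" id="%1$s" name="%3$s"%4$s></div>',
        esc_attr( $key ),   // attribute context
        esc_html( $label ), // element text context
        esc_attr( $name ),  // attribute context
        // checked() returns a fixed string or '', so it needs no extra escaping.
        checked( ! empty( $saved[ $key ] ), true, false )
    );
}

// Constructed sample data: the slug and label contain quote and angle-bracket
// characters to show they come out as entities instead of markup.
kmf_example_render_checkbox( 'kmf "cpr" <og>', 'ip', 'Is <b>Public</b>', array( 'ip' => 'on' ) );
```

Escaping inside the `printf()` call, rather than while assembling a string that is echoed somewhere else, keeps each escape visibly attached to the output it protects.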
