我一直在嘗試提交一個插件以供審核,但我一直遇到回聲線問題。我發送的最后一個版本是這樣的。
<option value="">
<?php _e( '- Default', MF_TEXT_DOMAIN ); ?>
</option>
<?php foreach ( $folders as $folder ) {
$folder = trim( $folder );
$folder = esc_attr( $folder );
echo "<option value=\"{$folder}\">{$folder}</option>";
} ?>
WordPress 的回應是:
這沒有逃脫:
echo "<option value=\"{$folder}\">{$folder}</option>";$folder 在回顯時必須轉義。
現在我準備再次提交代碼以供審核,但首先我想確保我是正確的。
這里是新代碼
<option value="">
<?php _e( '- Default', MF_TEXT_DOMAIN ); ?>
</option>
<?php foreach ( $folders as $folder ) {
$folder = trim( $folder );
echo '<option value="' . esc_attr( $folder ) . '">' . esc_attr( $folder ) . '</option>';
} ?>
如果有人可以提供幫助,我將不勝感激,因為我對(轉義)有點困惑。
uj5u.com熱心網友回復:
根據開發人員檔案,出于安全原因,所有內容都必須轉義。以下是 WordPress 為不同資料提供的轉義功能:
esc_attr() // Use on everything else that’s printed into an HTML element’s attribute.
esc_html() // Use anytime an HTML element encloses a section of data being displayed. This WILL NOT display HTML content, it is meant for being used inside HTML and will remove your HTML.
esc_js() // Use for inline Javascript.
esc_textarea() // Use this to encode text for use inside a textarea element.
esc_url() // Use on all URLs, including those in the src and href attributes of an HTML element.
esc_url_raw() // Use when storing a URL in the database or in other cases where non-encoded URLs are needed.
wp_kses() // Use to safely escape for all non-trusted HTML (post text, comment text, etc.)
wp_kses_post() // Alternative version of wp_kses() that automatically allows all HTML that is permitted in post content.
wp_kses_data() // Alternative version of wp_kses() that allows only the HTML permitted in post comments.
如果您想閱讀更多內容,這里是官方檔案。讓我知道你有任何問題!:)
https://developer.wordpress.org/plugins/security/securing-output/
轉載請註明出處,本文鏈接:https://www.uj5u.com/net/466198.html