Is echo get_the_term_list and get_field in a template file considered safe?

Is using get_the_term_list and get_field in the manner below consistent with accepted standards for safely displaying taxonomy terms as links in a table and custom field text beneath headings in a template file?

Are additional functions recommended that are more accepted and secure?

Or is displaying the terms or text in this manner already on par with safety standards as is?

<table>
<tbody>
<tr><td><strong>Genre:</strong></td><td><?php echo get_the_term_list( $post->ID, 'genre', ' ', ', ', '' ); ?></td></tr>
<tr><td><strong>Country:</strong></td><td><?php echo get_the_term_list( $post->ID, 'country', ' ', ', ', '' ); ?></td></tr>
</tbody>
</table>
<br/>
<h3>Quote:</h3>
<span><?php echo get_field( 'quote' ); ?></span>
<br/>
<h3>Review:</h3>
<blockquote><?php echo get_field( 'review' ); ?></blockquote>

What sparked this question was coming across https://developer.wordpress.org/themes/theme-security/data-sanitization-escaping/ specifically the part that says “esc_html() – Use this function anytime an HTML element encloses a section of data being displayed.”
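
One way to apply WordPress escaping functions to the template above, as an added example that is not part of the original question. It assumes the template runs inside the loop, that get_field() is the Advanced Custom Fields function, that 'quote' is plain text and 'review' may contain basic formatting; example_term_links() is a hypothetical helper.

```php
<?php
/**
 * Added example, not the asker's code. Taxonomy and field names are the
 * ones from the question; get_field() is assumed to come from the
 * Advanced Custom Fields plugin.
 */

// Hypothetical helper. get_the_term_list() returns markup (<a> links), or
// false / a WP_Error when there is nothing to show, so check before output.
function example_term_links( $post_id, $taxonomy ) {
    $links = get_the_term_list( $post_id, $taxonomy, '', ', ', '' );
    if ( ! $links || is_wp_error( $links ) ) {
        return '';
    }
    // wp_kses_post() keeps the anchor tags and strips markup that is not
    // allowed in post content. esc_html() here would print the tags as text.
    return wp_kses_post( $links );
}
?>
<table>
<tbody>
<tr><td><strong>Genre:</strong></td><td><?php echo example_term_links( get_the_ID(), 'genre' ); ?></td></tr>
<tr><td><strong>Country:</strong></td><td><?php echo example_term_links( get_the_ID(), 'country' ); ?></td></tr>
</tbody>
</table>
<br/>
<h3>Quote:</h3>
<?php // Assumption: 'quote' is a plain text field, so every character is escaped. ?>
<span><?php echo esc_html( (string) get_field( 'quote' ) ); ?></span>
<br/>
<h3>Review:</h3>
<?php // Assumption: 'review' may hold paragraphs or emphasis, so filter the markup instead of escaping it all. ?>
<blockquote><?php echo wp_kses_post( (string) get_field( 'review' ) ); ?></blockquote>
```

If 'review' is also plain text, esc_html() is the stricter choice for it as well.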
