Common places to watch are title, alt, and value attributes.

There are a number of special template tags for common cases where safe output is needed. One such case involves outputting a post title to a title attribute using the_title_attribute() instead of the_title() to avoid a security vulnerability.

Here's an example of correct escaping for the title attribute of a post title link when using translatable text:

Replace deprecated escape calls with the correct calls: wp_specialchars() and htmlspecialchars() with esc_html(), clean_url() with esc_url(), and attribute_escape() with esc_attr(). See Data Validation for more.
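The escaping rules above, as an added example that is not part of the original page: a post title link whose title attribute combines translatable text with the post title, followed by an author link that uses one current escaping call per output context. It assumes a theme template file running inside The Loop, and the `mytheme` text domain is a placeholder.

```php
<?php
/*
 * Added example, not from the original page. Assumes a theme template
 * file running inside The Loop; 'mytheme' is a placeholder text domain.
 */
$author_name = get_the_author();                  // untrusted display text
$author_url  = get_the_author_meta( 'user_url' ); // untrusted URL
?>
<h2 class="entry-title">
	<a href="<?php echo esc_url( get_permalink() ); ?>"
	   title="<?php
		// the_title_attribute() strips tags from the title and escapes it
		// for attribute context; the_title() is for element content only.
		the_title_attribute( array(
			'before' => __( 'Permalink to: ', 'mytheme' ),
			'after'  => '',
		) );
	   ?>">
		<?php the_title(); ?>
	</a>
</h2>
<p class="byline">
	<?php /* One current escaping call per output context:
	         esc_url() for URLs (was clean_url()),
	         esc_attr() for attribute values (was attribute_escape()),
	         esc_html() for element text (was wp_specialchars()). */ ?>
	<a href="<?php echo esc_url( $author_url ); ?>"
	   title="<?php
		/* translators: %s: author display name */
		echo esc_attr( sprintf( __( 'Website of %s', 'mytheme' ), $author_name ) );
	   ?>">
		<?php echo esc_html( $author_name ); ?>
	</a>
</p>
```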

Translation Support / I18n

To ensure a smooth transition for language localization, use the WordPress gettext-based i18n functions for wrapping all translatable text within the template files. This makes it easier for the translation files to hook in and translate the labels, titles and other template text into the site's current language. See more at WordPress Localization and I18n for WordPress Developers.

Theme Classes

Implement the following template tags to add WordPress-generated class attributes to body, post, and comment elements. For post classes, apply only to elements within The Loop.

Template File Checklist

When developing a Theme, check your template files against the following template file standards.

Document Head (header.php)

Use the proper DOCTYPE. The opening <html> tag should include language_attributes(). The <meta> charset element should be placed before everything else, including the <title> element.

Use bloginfo() to set the <meta> charset and description elements. Use wp_title() to set the <title> element. See why.

Use Automatic Feed Links to add feed links. Add a call to wp_head() before the closing </head> tag, so that plugins can add their own scripts, stylesheets, and other functionality. Do not link the theme stylesheets in the Header template. Use the wp_enqueue_scripts action hook in a theme function instead. Here's an example of a correctly-formatted HTML5 compliant head area:

Navigation Menus (header.php)

The Theme's main navigation should support a custom menu with wp_nav_menu(). Menus should support long link titles and a large number of list items.

These items should not break the design or layout. Submenu items should display correctly. If possible, support drop-down menu styles for submenu items. Drop-downs allow showing menu depth instead of just showing the top level.

Widgets (sidebar.php)

The Theme should be widgetized as fully as possible. Any area in the layout that works like a widget (tag cloud, blogroll, list of categories) or could accept widgets (sidebar) should allow widgets. Content that appears in widgetized areas by default (hard-coded into the sidebar, for example) should disappear when widgets are enabled from Appearance > Widgets.

Footer (footer.php)

Use the wp_footer() call, to appear just before the closing body tag.

Index (index.php)

Display a list of posts in excerpt or full-length form. Choose one or the other as appropriate. Include wp_link_pages() to support navigation links within posts.

Archive (archive.php)

Display archive title (tag, category, date-based, or author archives). Display a list of posts in excerpt or full-length form. Choose one or the other as appropriate. Include wp_link_pages() to support navigation links within posts.

Pages (page.php)

Display page title and page content. Display comment list and comment form (unless comments are off). Include wp_link_pages() to support navigation links within a page. Metadata such as tags, categories, date and author should not be displayed.