WordPress Plugin Security: Sanitizing Input
WordPress offers a variety of functions to sanitize input. Sanitizing is the process of converting input into a standardized format. This helps mitigate potentially unsafe data by transforming it into a safe form before it is stored or used.
The functions in the sanitize_*() family cover many sanitizing tasks. One example is sanitize_email(). This function validates several properties of the value and strips out characters that are not allowed in an email address. Some of the validation it implements:
- Test for the minimum length an email address can have
- Test for the @ character that separates the local part from the domain
- Test for invalid characters
- Test for leading and trailing periods and whitespace
After validation, the function returns a cleaned email address that can be used; if the value cannot be made into a valid address, it returns an empty string instead.
Other sanitizing functions apply different validation and conversion steps appropriate to the context of the data they handle.
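The following is an added example (not from the article or from WordPress core) of how a plugin would apply sanitize_email() to form input and then validate the result before saving it. The plugin name, option name, form field and nonce action are hypothetical; the WordPress functions used are real core functions.

```php
<?php
// Added example. Assumes a hypothetical plugin whose settings form posts a field
// named "contact_email" together with a nonce field named "myplugin_nonce"
// created by wp_nonce_field( 'myplugin_save_settings', 'myplugin_nonce' ).

function myplugin_save_contact_email() {
    // Only privileged users may change plugin settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // Reject requests that did not originate from our own form (CSRF check).
    check_admin_referer( 'myplugin_save_settings', 'myplugin_nonce' );

    // Request data carries added slashes; remove them before sanitizing.
    $raw = isset( $_POST['contact_email'] ) ? wp_unslash( $_POST['contact_email'] ) : '';

    // Sanitize: strips characters not permitted in an address, trims leading and
    // trailing periods and whitespace, and returns '' when the value cannot be
    // an email at all (too short, no '@' after the first position, empty domain).
    $email = sanitize_email( $raw );

    // Sanitizing transforms the value; it does not prove validity. Validate the
    // result as well, and (a stricter policy choice for this example) refuse
    // values that only became acceptable because characters were removed, so a
    // user is never silently saved under an address they did not actually type.
    if ( '' === $email || ! is_email( $email ) || $email !== trim( $raw ) ) {
        add_settings_error(
            'myplugin_settings',
            'invalid_email',
            'Please enter a valid email address.'
        );
        return false;
    }

    update_option( 'myplugin_contact_email', $email );
    return true;
}
add_action( 'admin_post_myplugin_save_settings', 'myplugin_save_contact_email' );
```

With this handler, an input such as `"user@ex ample.com"` is sanitized to `user@example.com` but rejected because it differs from what was submitted, while `user@example.com` passes both checks and is stored.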