Should `get_template_directory_uri()` be escaped?
In that function we find a hook: return apply_filters( ‘template_directory_uri’, $template_dir_uri, $template, $theme_root_uri ); So, yes, the URI can be changed by plugins, and you should escape its returned value. The same principle applies to all WordPress URI functions, like get_home_url(), get_site_url() and so on. Keep in mind that there are not only good plugin … Read more