Using wp_localize_script in template file – is it secure?

Input/output related security issue can be roughly sorted into two buckets:

  • someone manages to read information they are not supposed to;
  • someone manages to write information they are not supposed to.

Localize is not capable of writing anything into site, so you are safe on that front.

On the read side it’s not much different from just echoing things into page source (which it’s essentially doing). The only thing you need to be careful about is that data provided cannot be manipulated by user/input.

For example page title should be precisely for the page being processed and there should be no holes allowing it to return title for a different page (which might be private and such).

Related Posts:

  1. Which WP functions do you need to use esc_html() or esc_url() on?
  2. Masking logout URL
  3. WordPress Content Security Policy and Subresource Integrity
  4. password protected post policy
  5. Get Current User info using wp_localize_script, in functions.php
  6. Force to use STRONG users password and implement rule to prevent REUSE [closed]
  7. adding custom script to functions file
  8. Auto log in hook is requiring a page refresh
  9. what is best way to keep track of changes made in wordpress website? [closed]
  10. User meta and public function security
  11. localize_script but data changes dependent on product ID
  12. Security when outputing wp_oembed_get code
  13. DISABLE wordpress upgrade page
  14. Pass max posts to Javascript
  15. Will my WordPress site become vulnerable after adding this functions which allows more HTML tags for subscribers?
  16. Adding a second email address to a completed order in WooCommerce [closed]
  17. What is the difference between get_page_link and get_permalink functions?
  18. Possible to search by author name with default WordPress search function?
  19. When to use esc_url, esc_html, esc_attr, and friends?
  20. Breadcrumbs showing Parent and Child Pages
  21. Influence of WordPress functions on site speed
  22. Is it possible to override this function/class in a child theme?
  23. mysql custom wp query
  24. TinyMCE custom stylesheets for different post types
  25. When new user register then add new user role
  26. Order get_users() by last login date. Is it possible?
  27. Display random text from a file with the WP built-in AJAX API
  28. Remove bulk actions based on user role or capabilities
  29. Set first oembed in post to a global variable or function
  30. Adding extra SVGs to TwentyNineteen child theme using class TwentyNineteen_SVG_Icons
  31. wp_delete_attachment
  32. Adding body class when post contains a specific shortcode
  33. WordPress registration and contact form 7 [closed]
  34. Detect Safari desktop browser and include the detection in a shortcode
  35. Is It wrong to use oop approach on functions.php?
  36. How to preserve edits to Name or Slug of term when using wp_update_term on save?
  37. Woocommerce checkout field maxlength, make input number field only (postcode)
  38. My simple custom shortcode is not longer working (possibly due to upgrade to WordPress 4.4 ?)
  39. PHP files included in functions.php don’t seem to work
  40. Register and enqueue style.css custom theme
  41. Where do I add html code to the menu div?
  42. Add function to every post?
  43. WordPress shortcode attributes for database SELECT?
  44. How to get membership level for specific user email
  45. Understanding and altering the structure of posted images
  46. What do the schemes login, login_post, admin, and relative mean?
  47. Backstretch.js and thumbnail sizes to reduce loading time
  48. Featured Image Thumbnail Creation
  49. How do I hide or remove ‘Category’ from wordpress breadcrumbs
  50. Trouble with adding a wp_enqueue_script on wordpress
  51. Display images that are not in the content
  52. How do display most popular post from a year earlier to the day?
  53. Updating Media Published Date When Parent Post Is Modified in WordPress
  54. WP Ajax Function Always Returning undefined
  55. Pagination in relation to archive.php
  56. Creating A New Admin Menu Tab For Theme Options
  57. Incorrect redirect after commenting
  58. Run wp_kses_decode_entities on atom feed?
  59. Where do i create my own function in wp-admin
  60. Function extending with if query in functions.php
  61. Question about “wp_deregister_script()”
  62. Turn get_posts as string into an array for use in theme admin options
  63. Combine embed_oembed_html and oembed_result
  64. Load JS file only in specific template
  65. Why get_user_by() doesn’t work in my code?
  66. Can’t switch to a child theme using filters template, option_template and option_stylesheet
  67. What is wrong with code added to functions.php to selectively show styles based on login state
  68. How to change value of variable in theme file with functions.php WordPress?
  69. Changing where my author box is printed
  70. Why a SlideShow (made using JQuery FlexSlider) can’t work if I load it form functions.php but work if I load it from my footer.php file? [closed]
  71. functions.php return custom text
  72. Creating multiple category drop down
  73. WordPress Categories: Function using custom SQL to return array of specific category IDs
  74. Override a Post’s URL with Advanced Custom Fields Function
  75. Change category display name function
  76. Writing a function for WP Cron to run a SQL command daily
  77. Wildcard 301 Redirect Using Theme Function
  78. Changing the default view of “The Events Calendar” for mobile
  79. How Can I Concatenate A String With One Of My Custom Field Value Before Saving The Post?
  80. Hide empty custom field
  81. add product thumbnail to checkout page only and include variation name
  82. Lost Your password Hook Not Showing Up
  83. Function/way to redirect to specific page whenever a specific text occurs on homepage?
  84. Which method is more correct for removing WooCommerce Extensions menu item?
  85. Help! Need a different logo on my main page from my other pages
  86. RSS feed including post updates
  87. Get child-pages slugs of current page into js-file
  88. Frontend Feature image upload not work
  89. Display page number on custom page title function
  90. Sending Messages Back to the Template After Processing?
  91. Shortcode to eliminate and replace with
  92. Why are some custom javascript files working but some are not
  93. using enqueue_script in a shortcode isn’t working
  94. Filter to strip unnecessary attributes
  95. get_post_class() not working well
  96. How to resize image from import image url?
  97. Vimeo video play button color function
  98. How to overwrite image if it already exists – WordPress, Gravity form
  99. Change TinyMCE undeline outpout
  100. Loading newest dependency javascript module file in functions.php
techhipbettruvabetnorabahisbahis forumutaraftarium24edusedusedusedueduseduedueduseduedu