In a WordPress site I have a custom textarea metabox with text editor.
If I use sanitize_textarea_field() to sanitize the text, the HTML markup manually set in the text editor disappears.
If I use wp_kses_post, HTML tags are allowed.
Is this the right solution to keep a good security level?
Thank you.
Yes, wp_kses_post() is a right method as per the WP documentation.
And when we need control over the allowed HTML tags and attributes, we can use wp_kses().
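As an added example (not part of the original answer), here is one way a metabox save handler could apply wp_kses() with its own allow-list. The field name my_notes, meta key _my_notes, nonce field my_notes_nonce and nonce action my_notes_save are hypothetical names chosen for illustration.

```php
<?php
// Added example. Hypothetical names: field 'my_notes', meta key '_my_notes',
// nonce field 'my_notes_nonce', nonce action 'my_notes_save'.

// Allow-list for wp_kses(): only these tags and attributes survive filtering.
function my_notes_allowed_html() {
    return array(
        'p'      => array(),
        'br'     => array(),
        'strong' => array(),
        'em'     => array(),
        'ul'     => array(),
        'ol'     => array(),
        'li'     => array(),
        'a'      => array(
            'href'  => true,
            'title' => true,
            'rel'   => true,
        ),
    );
}

function my_notes_save( $post_id ) {
    // Ignore autosaves and revisions.
    if ( wp_is_post_autosave( $post_id ) || wp_is_post_revision( $post_id ) ) {
        return;
    }
    // Reject requests that did not come from the metabox form.
    if ( ! isset( $_POST['my_notes_nonce'] ) || ! wp_verify_nonce(
        sanitize_text_field( wp_unslash( $_POST['my_notes_nonce'] ) ),
        'my_notes_save'
    ) ) {
        return;
    }
    // The current user must be allowed to edit this post.
    if ( ! current_user_can( 'edit_post', $post_id ) || ! isset( $_POST['my_notes'] ) ) {
        return;
    }
    // WordPress adds slashes to $_POST; remove them before filtering.
    $raw = wp_unslash( $_POST['my_notes'] );
    // Third argument limits URL schemes accepted in href.
    $clean = wp_kses( $raw, my_notes_allowed_html(), array( 'http', 'https', 'mailto' ) );
    // update_post_meta() unslashes its input, so slash the cleaned value first.
    update_post_meta( $post_id, '_my_notes', wp_slash( $clean ) );
}
add_action( 'save_post', 'my_notes_save' );
```

When the stored value is printed, passing it through wp_kses() again with the same allow-list keeps the output filtered even if the meta value was written by some other code path.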