简体繁体中英

Sanitize PHP textarea in WP metabox allowing HTML markup

原文 2021-06-14 08:35:04 7 1 php/ html/ wordpress/ sanitization/ meta-boxes

In a Wordpress site I have a custom textarea metabox with text editor.

If I use sanitize_textarea_field() to sanitize the text, the HTML markup manually set in the text editor disappears.

If I use wp_kses_post HTML tags are allowed.

Is this the right solution to keep a good security level?

Thank you.

1 answers

Yes, wp_kses_post() is a right method as per the WP documentations.

And when we need control over the allowed HTML tags and attributes, we can use wp_kses() .

PHP (WP) - Ignoring HTML markup

Logic and markup, html and php

HTML markup templates in PHP

HTML markup manipulation in PHP

Sanitize HTML Content before using wp_remote_post

WP Metabox not saving post meta

Sanitize HTML5 with PHP (prevent XSS)

Sanitize HTML in SQL query with PHP function

Storing HTML markup in a PHP string

PHP snippet ruins HTML markup

暂无

暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question PHP (WP) - Ignoring HTML markup Logic and markup, html and php HTML markup templates in PHP HTML markup manipulation in PHP Sanitize HTML Content before using wp_remote_post WP Metabox not saving post meta Sanitize HTML5 with PHP (prevent XSS) Sanitize HTML in SQL query with PHP function Storing HTML markup in a PHP string PHP snippet ruins HTML markup

Related Tags

粤ICP备18138465号 © 2020-2024 STACKOOM.COM