Filter all html output

You can’t protect against everything a user will do. What if they hard-code an email address in the footer/header/sidebar of their theme? The only way to capture and escape that is with output buffering … and that can become a performance nightmare.

My recommendation would be to do two things:

  1. Hook in to all of the places that make sense.
  2. Provide accessible functions that allow people to escape their own content.

You’ve already got step 1 pretty much covered. Email addresses most often appear in post content (the_content and the_excerpt) but might also appear in comments. I would also recommend filtering the title and the content of sidebar widgets:

add_filter('the_title', array(&$this,"pep_replace"));
add_filter('widget_content', array(&$this,"pep_replace"));

For step 2, document a generic function that people can use to sanitize their email addresses:

function sanitize_email( $email ) {
    // do stuff
    return $sanitized_email;
}

Users can then use this rather than hardcoding their email address:

<p>Please contact me at <?php echo sanitize_email( '[email protected]' ); ?>.</p>

If you weren’t already filtering the_content, I’d recommend you create a shortcode as well … but that’s a bit redundant.

Be very careful

The other three hooks you’ve listed aren’t actually filters – these are action hooks. They’re meant to be places in code where you can hook in your own logical methods. Unlike filters, they don’t return anything to PHP … so they’re pretty meaningless when used as filters.

Related Posts:

  1. How many filter/action hooks are healthy?
  2. Filter specific shortcode output?
  3. Earliest hook to reliably get $post/$posts
  4. What does (10, 2) mean when used with add_filter
  5. Clarification on filters and hooks
  6. Valid characters for actions, hooks and filters
  7. How to hook into unregistering a widget instance?
  8. How to check if a hook is hooked or not?
  9. Passing Additional Parameters to add_filter Callable
  10. Modify WordPress Rest Api Request/Response
  11. How to add some custom HTML into wordpress admin bar?
  12. Custom theme hooks / filters – passing arguments
  13. How to disable all WordPress emails modularly and programatically?
  14. How to hook wp_list_pages?
  15. How to use the_excerpt in a filter hook?
  16. Hook into admin post list page
  17. Change text of Description in Image Library
  18. Load different template file when condition met?
  19. Am I using the right hook for removing quicktags on the admin TinyMCE?
  20. About Hooks and Filters
  21. Should I use add_action(‘publish_post or add_filter(‘publish_post?
  22. Can’t get wp_title filter working in twenty sixteen child theme
  23. Removing labels and tag on WordPress’s default login form
  24. How to trigger the core WPLANG to make automatically set a language when the theme is activated? [duplicate]
  25. How to hook some Unicode texts into calendar widget safely?
  26. How to add attributes to tag when template cannot be directly modified
  27. Too many actions/filters!
  28. How to get list of all hooks of current theme / plugin?
  29. Which hook is fired when inserting media into a post
  30. Why anything done on comments_array hook gets reset?
  31. add_filter() function misunderstanding
  32. Is it possible to track down Actions and Filters?
  33. add filter login_redirect does not contain original requested redirect
  34. get_header and hook avoid normal call
  35. How to add numeric slug for child page in WordPress 5.9?
  36. Can the wp_filter object hold multiple values with the same key
  37. apply_filters/do_action tag characters limit
  38. How to change the order of HTML output of a core block?
  39. Filter taxonomy admin pagination
  40. How to modify core when there is no hook?
  41. WP action/filter to modify title before header output and article output?
  42. Using wp_handle_upload() to Direct Specific Path by Using $overrides
  43. Post Content, Special Characters and Filters
  44. How to filter for user registration, be able to throw error message
  45. Gutenberg – Add align controls to a custom block
  46. How to remove action with slashes and arrows?
  47. Better extend a class or use add filter/action hooks?
  48. Add default user field to WooCommerce checkout [closed]
  49. Changing WordPress core without hacking core
  50. Customize title, description and focused keyword [closed]
  51. Plugin options, presets and filters : can you help me improve my workflow?
  52. how to customize rss feed tags using hooks?
  53. Filtering the post list in the admin area
  54. Woocommerce “added to cart” message on main(home) page
  55. How to check if a protected hook is hooked?
  56. Wrapping my head around add_filter
  57. Gutenberg Block – Post Featured Image Filter Hook
  58. Modify message displayed on post save
  59. Change custom post type GUID in RSS
  60. Pass debug_backtrace() in WordPress filter
  61. filter hook to load a different post/page on current post/page
  62. Remove actions/filters that are set with create_function()
  63. Redirect to woocommerce checkout after adding to cart – item already in cart
  64. comment_for() Custom fields not visible when user is logged in
  65. How to access page variable inside action hook
  66. I need to hook and change language of facebook sdk
  67. Use has_filter on comment_post
  68. How To Get Search Term and Use in Function
  69. Renaming wordpress login and get new password button
  70. Hook in a sidebar widget and add some markup
  71. BuddyPress – A hook available to hide custom born date on public profile view?
  72. Same URL for portfolio and for a page creates 404 error. Is there any filter that i can use for a child page?
  73. ‘manage_users_custom_column’ is a filter, but ‘manage_posts_custom_column’ is an action. Why?
  74. How do I add a line break to a string that is output by PHP?
  75. Scanning for custom embed and prefetching
  76. Filter widget_posts_args not working
  77. Filter the title to only affect the_title() template function
  78. Remove and replace woocommerce add to cart button [closed]
  79. style_loader_tag not changing stylesheet to preload
  80. How can I filter the comment action links so that I can display the actions links based on user capabilities?
  81. Hook to change the site URL
  82. Modify WordPress Page Title ()
  83. Right filter for rewriting page statuscode
  84. Add Index to Item in WordPress Gallery
  85. Re-order search results with posts_orderby filter and post meta value
  86. How to filter wp_get_recent_posts() to only posts that have thumbnails?
  87. Adding user filter – Not updating data in URL
  88. How to check which submission button was clicked?
  89. Converting restricted html in comments to bbcode
  90. Why none of xmlrpc filters work
  91. How to add a class to Buddypress avatars in the Activity stream? [closed]
  92. Which hook should be used in this case?
  93. Getting entry ID from frm_email_message filter in formidable
  94. WooCommerce comments_template Filter Not Firing
  95. Auto append text after the title?
  96. How to use apply_filters(‘get_calendar’) to change get_calendar() output?
  97. Better way to change the default password reset url with the woocommerce one?
  98. How to elect position of new item output in a dropdown when using add_filter
  99. Replacing text using add_filter
  100. Change password reqts with NO plugin without breaking resetpass link?

Leave a Comment

techhipbettruvabetnorabahisbahis forumueduedueduseduseduedusedusedueduedus