How to display post meta data in secure manner

Well that depends on how you define secure.

I assume your embed code is an iframe which means that you are putting something not under your control (that could in theory always change into something malicious) into your site. This isn’t 100% secure itself. That is why esc_html strips that out.

The question you have to ask yourself is how much of a risk this is regarding the person who has the right to change this field.

But maybe there is an alternative if the embed you are using is from a site that has oEmbed support in WordPress.

Then you can easily embed it using wp_oembed_get. This still puts an iframe from somewhere else into your site, but at least it doesn’t allow arbitrary HTML or JS.

If you add some more info about what embed code we are actually talking about I might even be able to provide an example.

Related Posts:

  1. What are nulled themes?
  2. Extra themes – ok or bad?
  3. How to get the post-ID in my plugin?
  4. Is that a malicious code?
  5. Is a very simple theme secure enough?
  6. WP Snippet to Hide Theme Editor In Dashboard Only Works On LocalHost Site
  7. Is there significant risk in not keeping a theme updated? [closed]
  8. Meta title W3C Validation Error with
  9. Load all files from folder in theme – Security concerns?
  10. hardened wordpress linux install
  11. suspicious boolean.php file in wp web root [closed]
  12. get_post_meta() doesn’t allow email
  13. How to change background color in the Notepad++ text editor?
  14. What does it mean to escape a string?
  15. How to change or add theme to Android Studio?
  16. WordPress frameworks and parent themes [closed]
  17. Opinions and recommendations on the best barebones base theme [closed]
  18. Remove JSON API links in header html
  19. Using OOP in themes
  20. Where can I download WordPress themes from? [closed]
  21. What Are Security Best Practices for WordPress Plugins and Themes? [closed]
  22. How can I allow the Editor Role to change Theme Settings?
  23. What are all the available parameters for query_posts?
  24. Customizing a WordPress theme without changing it?
  25. Where can I learn to create my own theme?
  26. How do I turn off self-closing tags for markup in WordPress (for HTML5, or HTML4, for example)?
  27. how to add version of style.css in wordpress
  28. Does WordPress work without a theme?
  29. Should I escape wordpress functions like the_title, the_excerpt, the_content
  30. What is the role and history of the $content_width global variable?
  31. Adding admin-ajax.php to the frontend. Good or bad idea?
  32. How to move the sidebar in TwentyFifteen to the right?
  33. How to Link External jQuery/Javascript files with WordPress
  34. Installation failed: Download failed. No working transports found
  35. What is theme-compat?
  36. Override parent theme translation on child theme
  37. WordPress Theme activation hook?
  38. From a security standpoint, should bloginfo() or get_bloginfo() be escaped?
  39. Can wordpress theme folder name be changed freely and nothing technically happens
  40. Link to specific Customizer section
  41. What does exactly GPL license mean for my WordPress theme?
  42. Am I allowed to license my WordPress theme under the aGPL
  43. How do I change the header image height in Twenty Seventeen?
  44. Starter Theme vs Parent Theme? Pros and cons
  45. How to change the language for the front-end only?
  46. W3 Total Cache, CDN and theme files [closed]
  47. Best way to include Bootstrap in WordPress
  48. What is the difference between esc_html filter vs attribute_escape filter?
  49. How to set thumbnail image for a (child) theme
  50. Different template of products for specific category. WooCommerce
  51. Show different theme for admin?
  52. How can I version the main CSS file?
  53. what the best way to include images from the template’s images folder?
  54. Which WP functions do you need to use esc_html() or esc_url() on?
  55. Is it OK to remove theme credits from footer? [duplicate]
  56. Undefined offset: 0 in > […] /wp-includes/capabilities.php on line 1067
  57. esc_attr() right way and use
  58. Should `get_template_directory_uri()` be escaped?
  59. What’s the difference between esc_* functions?
  60. What to use instead of wp_kses() in user output
  61. How can I get the title attribute from get_the_post_thumbnail()?
  62. Dash or underscore in theme folder name?
  63. No “Add New” Button. How to add new theme?
  64. How do I add support to my theme for custom menus?
  65. “Unexpected error” on update requests
  66. How to prevent plugin, theme installation failures on WordPress?
  67. How do I white label my self-hosted site created by wordpress?
  68. Do Child-Themes automatically load the Translation from the Parent-Theme?
  69. When cropping a header image, retain meta data (i.e. name, description, etc.) from original image?
  70. Best practices for a Style/CSS based theme options page?
  71. How to create a new theme from scratch?
  72. Categorising themes by folders in backend
  73. Switching themes without losing widgets?
  74. How to use media upload on theme option page?
  75. Dynamic template serving, change theme_root using add_filter from current theme
  76. What theme is good for posting code? [closed]
  77. WordPress 5 / Gutenberg – theme doesn’t have featured image option showing up
  78. Custom Taxonomy-specific JavaScript
  79. How to refresh WordPress Customizer panel upon entering a value
  80. Set Featured Image for Archive templates
  81. How to escape custom css?
  82. is_front_page only works in theme file, and does not work in functions.php
  83. What is meant by __(‘page’,’twentytwelve’)
  84. How do I add a new string to a .po or .pot file?
  85. Adding Language Support using .pot and .mo files to a WordPress Theme?
  86. Difference between stylesheet_directory and template_directory
  87. Free/Open-Source Theme Frameworks as an Alternate to Thesis? [closed]
  88. can require “themefolder/includes/widgets.php” in “themefolder/functions.php” yet widgets.php doesn’t run
  89. Using Multiple Themes in a Single WordPress Site?
  90. Adding a Template to the Page Attributes Panel for both Posts and Pages?
  91. How to override the “inc” folder (or any folder) in a theme using child theme?
  92. How to license my commercial WordPress theme? [closed]
  93. How to Use WordPress as Static CMS Without Blog Posts
  94. Any official way to create an admin theme?
  95. Pre-populating the Page/Post Content Editor with HTML Snippets?
  96. How do I create my own admin button and theme settings page?
  97. Is it possible to access Gutenbergs reusable blocks in CPT block templates?
  98. How do you change the theme location?
  99. Splitting an Evolving Site into Multiple Sites, or Maintaining as One Site?
  100. Two instances of WordPress with different URLs and themes
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)