How to display post meta data in secure manner

Well that depends on how you define secure.

I assume your embed code is an iframe which means that you are putting something not under your control (that could in theory always change into something malicious) into your site. This isn’t 100% secure itself. That is why esc_html strips that out.

The question you have to ask yourself is how much of a risk this is regarding the person who has the right to change this field.

But maybe there is an alternative if the embed you are using is from a site that has oEmbed support in WordPress.

Then you can easily embed it using wp_oembed_get. This still puts an iframe from somewhere else into your site, but at least it doesn’t allow arbitrary HTML or JS.

If you add some more info about what embed code we are actually talking about I might even be able to provide an example.

Related Posts:

  1. What are nulled themes?
  2. Extra themes – ok or bad?
  3. How to get the post-ID in my plugin?
  4. Is that a malicious code?
  5. Is a very simple theme secure enough?
  6. WP Snippet to Hide Theme Editor In Dashboard Only Works On LocalHost Site
  7. Is there significant risk in not keeping a theme updated? [closed]
  8. Meta title W3C Validation Error with
  9. Load all files from folder in theme – Security concerns?
  10. hardened wordpress linux install
  11. suspicious boolean.php file in wp web root [closed]
  12. get_post_meta() doesn’t allow email
  13. How do I change the header image height in Twenty Seventeen?
  14. Is it OK to remove theme credits from footer? [duplicate]
  15. How to create a new theme from scratch?
  16. What theme is good for posting code? [closed]
  17. How to see files in directories in “Edit Themes” screen
  18. WordPress generating 404 on .mp4 file in theme folder
  19. Why are my widgets not saving when being added to a sidebar?
  20. Building useful features into your theme
  21. Editing theme files and access to the Code pages only to super-admin?
  22. Current theme broken – after server and domain migration
  23. Categories for Pages Not Saving in Admin with Custom Categories Metabox?
  24. Switch Theme Through Options Panel
  25. Weird post pagination url redirect
  26. How get Themes list via REST api?
  27. Activate a new WordPress Theme Only for Admins
  28. WordPress Fatal error: Call to undefined get_header() in index.php on line 15 [closed]
  29. Whats the safest way to output custom JavaScript and Css code entered by the admin in the Theme Settings?
  30. Theme Editor Not Showing
  31. Pros and cons of using Backbone for WordPress theming [closed]
  32. Can I create multiple instances of the BuddyPress Activity Stream with separate themes? [closed]
  33. Can I rename a theme’s folder and still receive updates?
  34. Child theme not visible
  35. Custom theme folder
  36. How to load parent theme style.css?
  37. How to setup a new WordPress theme without deactivating the current theme?
  38. WordPress is not able to change themes
  39. Inject widgets from one sidebar into another with PHP
  40. Where all are child themes recorded when they are created in WordPress
  41. I have some doubts regarding how to implement child theme
  42. Incompatible Archive. PCLZIP_ERR_BAD_FORMAT (-10)
  43. how to remove category nav from Bueno (WordPress Theme) header [closed]
  44. What is the safe way to print tracking code / pixel code before tag or tag
  45. Web site Header tag links some resources with HTTPS
  46. How to style the post previews/links without it affecting the main posts?
  47. customize color in WP child theme doesn’t saved
  48. How to work on a new Theme for a site while still keeping the old Theme live
  49. Loading Bootstrap with wp_enqueue_style and wp_enqueue_script
  50. WordPress use of @ in core files
  51. Unable to upload/install any WordPress themes
  52. Change the name of the root name of an already built WordPress theme
  53. How to switch theme if the current user is admin?
  54. Cannot apply custom css to IE in the theme
  55. How to assign custom template to specific products in Woocommerce?
  56. Getting a ‘slide down’ js panel implemented within WP
  57. The requested theme does not exist. Stylesheet is missing – error after changing style.css name to my-styles.css in wp child theme?
  58. Re-zipping or extracting theme from wordpress site files
  59. Why does wordpress add Theme not list a specific theme anymore?
  60. WordPress theme layout problem
  61. current_user_can(‘manage_options’) causes white screen of death?
  62. header.php-tweak: How to do that getting Meta-Slider into the header-center?
  63. Does WP, php, or a current framework (woofoo / genesis, etc). Offer a way to schedule text / bg color changes?
  64. different theme in one website
  65. Migrating a website using custom image tags to use featured images instead
  66. Editing Theme and Moving Servers
  67. WordPress | Theme error
  68. Fix threaded comments
  69. Using DePo Masthead with WP 3+
  70. setcookie on WordPress Page Template
  71. How to get this taxonomy name from wp_get_object_terms()?
  72. Will I still have my website wordpress theme if I transfer my website to sites like Namecheap?
  73. How to change wordpress gutenberg editor font to match default theme font?
  74. Facebook Icon on top of WordPress Site Header and Top Bar
  75. How to make wordpress theme option page in columns?
  76. 404 not working, going to homepage; how to fix?
  77. Local LAMP Stack on Linux Mint theme upload fails
  78. How do WordPress themes work in relation to content?
  79. Custom CSS is overwritten by WordPress?
  80. Incorrect Theme and Upload URLs After Migration
  81. Using two stylesheets for mobile compatibility
  82. Copy from wordpress for dev gives different output in browser
  83. Target Internal Link Of Another Page On Website
  84. Change whole theme depending on resolution
  85. post_prev & post_next within same category
  86. Costum Theme template directoy url problem
  87. How to remove the option data of a theme when that theme is removed?
  88. How to find out which template the HTML content comes from?
  89. Convert theme to be based on Bootstrap?
  90. Include root files into header files
  91. Static posts page is not working
  92. Cannot use some themes within Managed WordPress of Go Daddy [closed]
  93. How to track your theme usage on the internet?
  94. How to add Company Logo to Chosen Theme
  95. What security risk is not having “default” theme?
  96. Is it possible to dynamically show different themes for different users? [duplicate]
  97. Why does WP theme not look like promoted? [closed]
  98. Table of Contents in Left Navbar [closed]
  99. How do I get rid of the Mindblown and the book recommendations?
  100. Adding PHP code to single template in 2023 edition of WordPress theme
error code: 523