Using wp_kses_post to escape the texts before setting them in wp_add_inline_script is a good approach to prevent malicious content from being added to the page. This will ensure that the text is properly sanitized and only contains allowed HTML tags and attributes.
If you want to allow certain HTML tags and attributes, you can use wp_kses instead of wp_kses_post and pass an array of allowed tags and attributes as a second argument.
Using element.innerHTML to set the contents of the elements is generally safe, as long as the content being set has been properly sanitized. In this case, since you are using wp_kses_post (or wp_kses with an appropriate set of allowed tags and attributes) to sanitize the text, it should be safe to use element.innerHTML.
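An added example, not part of the original answer: it applies the wp_kses allowlist described above and then JSON-encodes the result, because wp_kses sanitizes for the HTML context only and wp_add_inline_script first places the text inside a JavaScript statement. The handle my-notices, the file js/notices.js, the global myNoticeTexts and the sample strings are assumptions made for illustration.

```php
<?php
// Added example. Handle, file path, global name and sample texts are hypothetical.
add_action( 'wp_enqueue_scripts', function () {
	// Constructed sample texts, standing in for values read from options or translations.
	$texts = array(
		'notice' => 'Saved. <a href="https://example.com/help" onclick="track()">Help</a>',
		'footer' => "First line\n<strong>it's done</strong><script>alert(1)</script>",
	);

	// Allowlist for wp_kses(): only these tags and attributes survive.
	$allowed = array(
		'a'      => array( 'href' => true, 'title' => true ),
		'strong' => array(),
		'em'     => array(),
	);

	$clean = array();
	foreach ( $texts as $key => $html ) {
		// HTML context: removes tags and attributes outside the allowlist
		// (here the <script> element and the onclick handler).
		$clean[ $key ] = wp_kses( $html, $allowed );
	}

	// JavaScript context: wp_kses() leaves quotes and newlines untouched, so the
	// sanitized text is encoded as JSON before it becomes part of a script.
	// The JSON_HEX_* flags also keep <, >, & and quotes out of the inline script.
	$json = wp_json_encode(
		$clean,
		JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
	);
	if ( false === $json ) {
		return; // Encoding failed; print no inline data at all.
	}

	wp_enqueue_script( 'my-notices', plugins_url( 'js/notices.js', __FILE__ ), array(), '1.0.0', true );

	// Printed before notices.js, which can then run, for example:
	//   element.innerHTML = window.myNoticeTexts.notice;
	wp_add_inline_script( 'my-notices', 'window.myNoticeTexts = ' . $json . ';', 'before' );
} );
```

Where the text needs no markup at all, assigning it with element.textContent instead of element.innerHTML avoids HTML parsing in the browser entirely.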