Escaping and Special Characters (e.g. &)

If I put <script>alert('hello');</script> in the title of a WordPress page with the default theme the script runs. This is expected behaviour. HTML is typically allowed in titles in WordPress. The standard WordPress function, the_title(), does not escape the title. If you don’t want to allow script tags then you need to sanitize the input … Read more

Escaping Issues

The point of escaping is to make sure that when a value is output, it cannot output anything malicious, or that would just break the markup of the page. For example, when outputting a variable, you will want to escape certain characters so that the value can’t unintentionally open or close HTML tags, which could … Read more

problem with quotes on new post

$post_content="&quot;Neque porro quisquam est qui dolorem ipsum quia dolor sit amet, consectetur, adipisci velit…&quot;"; Try encoding special characters. See: http://www.w3schools.com/tags/ref_entities.asp & http://php.net/manual/en/function.htmlentities.php
