No, in fact sanitizing the string you listed would remove the HTML. The sanitizing functions are meant for user inputted data like a form submission. You can’t always trust the information they pass through. Sometimes hackers may input malicious code that would be executed on your site after submission if you did not run it … Read more
Change wp_sanitize function?
sanitize_text_field and apostrophe problem
… anything I find in core with either kses in the code or the PHP comments has to do with data sanitization? It would have to do with the functions that sanitize data or with data that needs to be sanitized, yes. That is the primary reason for the KSES code, which, if you look … Read more
Theme Customizier sanitize_callback not working
You should use the helping site of validation – https://codex.wordpress.org/Data_Validation I think in your context is wp_kses the right function. You can allow html tags. The function have a lot of possibilities to use it with custom requirements. A small example to fast usage: $allowed_html = array( ‘a’ => array( ‘href’ => array(), ‘title’ => … Read more
Turns out it was finding the error in some backup files I was keeping around. Once I removed those files, the error went away.
It sounds like you’re trying to implement a general purpose field for users to enter any kind of tracking code/JS into. This approach gives users the most flexibility but it means that you are trusting them to put whatever JavaScript that they want into the header and footer. By default, users need the administrator or … Read more
In those cases focusing on security is IMHO the wrong thing. Those JS/HTML/CSS text boxes are user hostile as the developer basically expects user to be able to write code, where sometimes it is even hard for users to just copy & paste code. In the worst case when the customizer is not used, some … Read more
So I solved my problem using the wp_insert_post($array) but before I used wp_insert_post() I had to remove a filter as shown below. remove_filter(‘content_save_pre’, ‘wp_filter_post_kses’); remove_filter(‘content_filtered_save_pre’, ‘wp_filter_post_kses’); // Add code to insert post(s) with html elements here $post = array( ‘post_content’ => ‘<a href=”#” title=”text”>text</a> some random text’, ); wp_insert_post($post); // Then add the filters back … Read more