sanitization - Read For Learn

Getting error to display radio button value in General Settings page

Apart from the isset issue, pointed by Rarst, there’s an error in the sanitization function. esc_attr seems not to work with radio buttons, using esc_sql does the job. You’re also missing the checked state for the buttons: add_filter( ‘admin_init’, ‘myservice_register_function’ ); function myservice_register_function() { register_setting( ‘general’, ‘my_service’, ‘esc_sql’ ); add_settings_field( ‘my_service’, ‘<label for=”service_need”>’.__(‘Do You need … Read more

Do we have to santise html passing into Javascript ? How?

No, in fact sanitizing the string you listed would remove the HTML. The sanitizing functions are meant for user inputted data like a form submission. You can’t always trust the information they pass through. Sometimes hackers may input malicious code that would be executed on your site after submission if you did not run it … Read more

Change wp_sanitize function?

sanitize_text_field and apostrophe problem

Are all hooks/functions tied to Kses meant for sanitization?

… anything I find in core with either kses in the code or the PHP comments has to do with data sanitization? It would have to do with the functions that sanitize data or with data that needs to be sanitized, yes. That is the primary reason for the KSES code, which, if you look … Read more

Theme Customizier sanitize_callback not working

Unable to sanitize in customizer and escape in theme without removing ability for user to use “< br >” to insert a line break

You should use the helping site of validation – https://codex.wordpress.org/Data_Validation I think in your context is wp_kses the right function. You can allow html tags. The function have a lot of possibilities to use it with custom requirements. A small example to fast usage: $allowed_html = array( ‘a’ => array( ‘href’ => array(), ‘title’ => … Read more

How to use sanitize_callback?

Turns out it was finding the error in some backup files I was keeping around. Once I removed those files, the error went away.

What is the safe way to print tracking code / pixel code before tag or tag

It sounds like you’re trying to implement a general purpose field for users to enter any kind of tracking code/JS into. This approach gives users the most flexibility but it means that you are trusting them to put whatever JavaScript that they want into the header and footer. By default, users need the administrator or … Read more

Is it sensible to worry about sanitizing admin input in plugin custom CSS?

In those cases focusing on security is IMHO the wrong thing. Those JS/HTML/CSS text boxes are user hostile as the developer basically expects user to be able to write code, where sometimes it is even hard for users to just copy & paste code. In the worst case when the customizer is not used, some … Read more

+ More