How to securely set dynamic HTML content with JavaScript?
Using wp_kses_post to escape the texts before setting them in wp_add_inline_script is a good approach to prevent malicious content from being added to the page. This will ensure that the text is properly sanitized and only contains allowed HTML tags and attributes. If you want to allow certain HTML tags and attributes, you can use … Read more