Can anyone explain it?
The official docs for that function say it strips percent encoded characters.
- Checks for invalid UTF-8,
- Converts single < characters to entities
- Strips all tags
- Removes line breaks, tabs, and extra whitespace
- Strips percent-encoded characters
https://developer.wordpress.org/reference/functions/sanitize_text_field/
It looks like it’s stripped out %ad and it has nothing to do with instances or leading/trailing, that function doesn’t understand that it’s a CSV etc, % probably isn’t the best character to use for this.
Why just the %ad though? In this case it’s the URL encoded value for aka a soft hyphen, or ­.
See https://www.w3schools.com/tags//ref_urlencode.asp for a more comprehensive table.
Related Posts:
- Should I sanitize an email address before passing it to the is_email() function?
- Escaping and sanitizing SVGs in metabox textarea
- What is the difference between wp_strip_all_tags and wp_filter_nohtml_kses?
- Reason for Lowercase usernames
- What is the best way to sanitize data?
- Should nonce be sanitized?
- esc_url removes white space. Can I change that to using ‘-‘?
- WP Coding standards – escaping the inescapable?
- Sanitatizing when using the posts_where hook
- Escape hexadecimals/rgba values
- Must I serialize/sanitize/escape array data before using set_transient?
- Echo JavaScript Safely
- wp_kses ignore allowed and allow everything
- Sanitize array callback for the WordPress Settings API
- How to escape $_GET and check if isset?
- What’s a safe / good way to output HTML safely within WordPress templates?
- Do Not Understand → Rule No. 4: Making Data Safe Is About Context [closed]
- Sanitizing output that contains quotes?
- WP_Customize_Manager: How to get control ID
- How to use wp_filter_oembed_result?
- Sanitization html output itself
- Post text sanitization after publishing/editing – changes are not saved
- wp_set_object_terms() without accents
- Escaping data from database (users table) is necessary?
- Properly sanitize an input field “Name “
- What is the proper way to sanitize $_POST and $_GET vars?
- In Which Contexts are Plugins Responsible for Data Validation/Sanitization?
- wordpress sanitize array?
- Should HTML output be passed through esc_html() AND wp_kses()?
- Sanitize content from wp_editor
- What’s the difference between esc_* functions?
- Sanitizing integer input for update_post_meta
- Sanitize User Entered CSS
- Which KSES should be used and when?
- Is sanitize_text_field() is enough to save to DB?
- How to sanitize select box values in post meta?
- WP doesn’t show Array Custom Fields?
- how to sanitize checkbox input?
- Sanitizing post content for use in an email
- How to get input_attrs in the sanitize function?
- What is the difference between sanitize_text_field() and wp_filter_nohtml_kses()?
- Sanitizing `wp_editor();` Values for Database, Edit, and Display
- I’m confused about URL sanitization in meta boxes
- Coding a plugin on WordPress; when should I sanitize? [duplicate]
- where to apply “apply filters” and other Sanitization Functions
- How to save html and text in the database?
- Multiple register settings, with same option name – issue
- Is default functions like update_post_meta safe to use user inputs?
- Sanitize textarea instead of input
- vs WordPress Security
- Cannot get ‘sanitize_callback’ to work for rest parameters
- How to sanitize user input?
- How to sanitize my cookie name
- Do We Need to Validate, Sanitize, or Filter Simple Numerical Superglobals (Cookies and Post)?
- wpdb get_results() and prepare when to use prepare?
- WordPress Settings API – Sanitize Integer
- WP_Editor – Saving Value into Plugin Option – Stripping HTML
- CSS from textarea in options page to frontend what to do
- How to get rid of shortcodes in post content once and for all
- Is it sensible to worry about sanitizing admin input in plugin custom CSS?
- How to use sanitize_callback?
- Unable to sanitize in customizer and escape in theme without removing ability for user to use “< br >” to insert a line break
- Are all hooks/functions tied to Kses meant for sanitization?
- sanitize_text_field and apostrophe problem
- Getting error to display radio button value in General Settings page
- Are un-sanitized theme options more vulnerable to malicious scripts than the theme editor?
- What’s the proper way to sanitize checkbox value sent to the database
- How to escape html generate by a loop
- Does meta-data need to be sanitized?
- Can A Post Meta Field Store multiple values that are not in an array?
- esc_attr on get_post_meta [closed]
- Using esc_url_raw with protocols properly
- Trouble creating custom sanitization function for user list dropdown
- Output Sanitation
- Display the line breaks in user bio without using html
- Sanitize $_GET variable when comparing
- Function sanitize_title() does not appear to be working
- Sanitaizing Select Optin For Custom Post Type Metabox in WP
- How to handle complex data with Settings API
- Toggle Shortcode Sanitize Title
- settings api and the data passed in the parameter
- HTML Img with data:image src gets sanitized in admin?
- Sanitizing URL in a WordPress plugin
- how to sanitize customizer checkbox control
- do I need to sanitize a shortcode’s function input?
- Form Sanitization and Validation
- Data not displaying in text field
- Can we validate data from jquery
- Proper Way to Sanitize Meta Input
- Sanitize html, where to sanitize
- Save selectlist value (taxonomy) in wp:wp_set_object_terms
- Notice: Undefined index: in options-framework.php
- How to use esc_attr__() function properly to translate a variable that contains string?
- oneOf two possible objects in WP REST API?
- Sanitize and Save metabox values
- esc_url, esc_url_raw or sanitize_url?
- Does it make sense to sanitize the output of an SVG file?
- Sanitization of register_setting()
- How to sanitize settings API value
- WooCommerce custom SVG coloring tool [closed]