wordpresssanitize

Sanitise in wordpress but keep html


I understand that sanitising user input is important and i want to make sure bad stuff is removed but i also want to be able to have users add html to a custom field.

The wordpress sanitise text field function does a great job but i want to tell it to keep html.

Is there another function i can use that will allow me to do that?

Stackoverflow won't let me post a short question so it seems i need to pad it out. Sorry about this.

I've tried looking up the function in the wordpress codex to see if there are parameters that i can switch in order for it to allow html. I've taken out the sanitise function to see if that works and of course it does.


Solution

  • wp_kses() will do what you need. You need to tell it what tags to allow. Alternatively use wp_kses_post() which allows anything you can add to a post. This one may not be strict enough for user input though so I'd suggest going with the first.

    echo wp_kses( $text, array( 
        'a' => array(
            'href' => array(),
            'title' => array()
        ),
        'br' => array(),
        'em' => array(),
        'strong' => array(),
    ) );
    

    http://codex.wordpress.org/Function_Reference/wp_kses http://codex.wordpress.org/Function_Reference/wp_kses_post