Customiser & Sanitization

  • tascam424

    (@tascam424)


    8 years, 11 months ago

    Hi folks i’m hoping someone can assist me. I’m learning WordPress Theme Development and i’m just at the point of adding options in the customiser. I’m not sure how to correctly deal with html in a text area. I want to make sure that the texture is sanitised and safe, but also allow it to output HTML. This is the function and code that i’m using.

    $wp_customize->add_setting( 'fs_theme_footer', array(
	'default' => '',
	'type' => 'theme_mod',
	'capability' => 'edit_theme_options',
	'transport' => '',
	'sanitize_callback' => 'esc_textarea',
) );
$wp_customize->add_control( 'fs_theme_footer', array(
    'type' => 'textarea',
    'section' => 'fs_theme_footer',
    'label' => __( 'Textarea Field', 'fluidstudio' ),
    'description' => '',
) );

    In my theme

    <?php echo ( get_theme_mod( 'fs_theme_footer', '' ) ); ?>

    I have tried different variations of esc_url etc but i can’t seem to get the output to correctly display as html, instead the full html code shows on the front end.

    Any help would be greatly appreciated.

    Thanks

Viewing 1 replies (of 1 total)
  • HudsonValleyWebDesign

    (@jaycbrf)

    8 years, 11 months ago

    This is what I use in my Customizer fields

    
/**
   *	Sanitizes the text that's saved in the options to remove any code
   *	@param 	array 	$options               		The array of options to be sanitized
   *	@param 	array  	$sanitized_options		The array of sanitized options
   *	
**/	

function sanitize_fieldName ( $options ) {

	$sanitized_options  = array();

	foreach( $options as $option_key => $option_val ) {

		$sanitized_options [ $option_key ] = strip_tags( stripslashes( $option_val ) );

	} // end foreach

	return $sanitized_options;

} // end sanitize_text_options

    Hope this works for you.

Viewing 1 replies (of 1 total)

The topic ‘Customiser & Sanitization’ is closed to new replies.