• Resolved Copiaurbietorbi

    (@copiaurbietorbi)


    Folks,

    Good day.

    We added a script to one of the sections in our theme, but it keeps being sanitized after we clear caches.

    We would like to keep it in that section as it will save us a lot of time and effort.

    We tried using <div><script></div>, but it keeps doing the same.

    Perhaps we need to disable the function sanitize_*() for this section only. But we don’t know how to do it and where to find it specifically for that section of the theme.

    Your help is welcome and greatly appreciated.

Viewing 9 replies - 1 through 9 (of 9 total)
  • threadi

    (@threadi)

    I don’t quite see the connection in your question, but I suspect you’re looking for kses. See: https://tommcfarlin.com/what-is-wordpress-kses/ – presumably this fishes out your

    Thread Starter Copiaurbietorbi

    (@copiaurbietorbi)

    Good day @threadi,

    Certainly the use of the function you mention is required to add post IDs or other conditions as needed to target specific sections; but we just need to make sure the script we add remains in the section of the theme despite the process of clearing caches, not necessarily the sanitizing.

    While we wait for other advice, we apologize for the confusion and we thank you for your insights.

    threadi

    (@threadi)

    With https://developer.wordpress.org/reference/functions/wp_kses_post/ you can have a complete string checked in this respect – without any further conditions. The conditions that apply here are the globally stored kses conditions in WordPress. These can in turn be influenced with this hook: https://developer.wordpress.org/reference/hooks/wp_kses_allowed_html/

    I don’t think it will be possible to answer your question any further without source codes from you.

    Thread Starter Copiaurbietorbi

    (@copiaurbietorbi)

    Let’s see:

    Our theme has some predetermined sections.

    We chose one of them and changed the title and the text while adding some simple HTML code (mainly <br>, <span>) plus the script we needed in the form of:

    <script async src="https://xxx.searchengine.com/xxx.js?cx=12345qwer0987lkjh">
    </script>
    <div class="XXX-searchboxengine-only"></div>

    It looked great once finished. But after we saved it and cleared caches, the theme kept the changes on the text and the basic HTML, except the script above.

    We would like to find a way to keep it where we are choosing without compromising security.

    We added some code on functions.php to create a custom HTML short code and handling it accordingly while using the class on a div to enclose the script in the section selected on the theme. However it didn’t work.

    Any ideas on how to solve this challenge?

    There is still a lack of information to help you.

    How do you save these “predetermined sections”? What kind of caches do you mean?

    As already mentioned, the relevant source code would be important to be able to help you.

    Thread Starter Copiaurbietorbi

    (@copiaurbietorbi)

    Once you are in your WordPress dashboard,
    You go to appearance > customize > frontpage sections > sections of your theme > section in question to customize (https://imgur.com/pmdVRBL);

    Here we added some basic HTML code to customize the section subtitle area,
    We also added the script shared before in that area.

    Once we finished the work, we checked the page and it did look the way we wanted.
    But when we saved it and checked it to preview the mobile version of what we did,
    The script we shared before was not there anymore.

    We tried some of the ideas we shared here, but with no success. The script is not kept after we save the work.
    We are looking for ways to solve this easily and without compromising the security of the site.

    Now, any idea you may have to solve this will be more than welcome and appreciated.
    If you don’t have any, then please let someone else try to help us with this particular issue.

    Thank you for your help and interest,

    So we are slowly getting closer to solving the puzzle. So you’re building a classic theme – that’s important information, as it at least limits the possibilities for helping you thematically.

    The path you mentioned in the Customiser does not exist in every theme. To be more precise: I have never seen it. I assume you have developed the section for the “Frontpage Sections” individually? There is a lot about this in the manual: https://developer.wordpress.org/themes/customize-api/customizer-objects/

    Have you built in your own sanitize_callback functions for the individual settings, which can be used to validate and sanitise the entries? Here the source code would be interesting again …

    And how are your entries displayed in the frontend? The source code would also be important here …

    As long as no source code comes from you, nobody else here will probably have a better crystal ball. You are welcome to upload it to https://gist.github.com, for example.

    Thread Starter Copiaurbietorbi

    (@copiaurbietorbi)

    We have tried many themes with the same path that we presented. And no, we haven’t developed any section of the “Frontpage Sections” on the theme.

    Therefore no, we haven’t built any sanitize_callback functions. We just came across these topics when we tried to find out ways to solve our challenge.

    Having said that, the only entry we could find on functions.php is this:

    require_once( Theme_PHP_INCLUDE . 'helpers/sanitize-functions.php' );

    As for the entries displayed in the front end, we can share an example of this as follows:

    <?php
    /**
     * The template for displaying all single posts and attachments.
     */
    get_header();

    // Hook name quoted with straight quotes; typographic quotes are a PHP parse error.
    do_action( 'theme_before_single_page_wrapper' );
    ?>
    <div class="<?php echo esc_attr( theme_layout() ); ?>">
    <?php
    // Extra wrapper class when WooCommerce is active and this is not the cart page.
    $class_to_add = '';
    if ( class_exists( 'WooCommerce', false ) && ! is_cart() ) {
        $class_to_add = 'blog-post-wrapper';
    }
    ?>
    <div class="blog-post <?php echo esc_attr( $class_to_add ); // echo was missing, so the class was never printed ?>">
        <div class="container">
        <?php
        // Standard loop: render each post through the content template part.
        if ( have_posts() ) :
            while ( have_posts() ) :
                the_post();
                get_template_part( 'template-parts/content', 'page' );
            endwhile;
        else :
            get_template_part( 'template-parts/content', 'none' );
        endif;
        ?>
        </div>
    </div>
    <?php get_footer(); ?>

    Thread Starter Copiaurbietorbi

    (@copiaurbietorbi)

    We are going to try another way to solve this issue. Thank you all for your help and interest!
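
An added example, not part of any post in this thread and not the theme's own code: one way to keep the search script on the front page without touching the sanitizer is to load it through the enqueue API in a child theme's `functions.php` and leave only the placeholder `<div>` in the Customizer field. It assumes the theme passes that field through kses (the thread never shows the theme's sanitize code); the handle and function names are hypothetical, and the URL and class are the placeholders from the thread.

```php
<?php
/**
 * Child theme functions.php fragment (added example).
 * Hypothetical names: example_enqueue_search_script, example_preview_kses,
 * and the 'example-search-engine' handle.
 */

// Load the third-party script from code instead of pasting a <script> tag
// into a Customizer text field. Code in functions.php is not user input,
// so it is never run through kses and survives every save.
function example_enqueue_search_script() {
    if ( ! is_front_page() ) {
        return; // only load where the customized section is rendered
    }
    wp_enqueue_script(
        'example-search-engine',
        'https://xxx.searchengine.com/xxx.js?cx=12345qwer0987lkjh', // placeholder from the thread
        array(),  // no dependencies
        null,     // null: do not append ?ver= to the external URL
        array(
            'strategy'  => 'async', // prints the async attribute (WordPress 6.3+)
            'in_footer' => true,
        )
    );
}
add_action( 'wp_enqueue_scripts', 'example_enqueue_search_script' );

// Debug helper: returns what wp_kses_post() leaves of the pasted markup.
// The 'post' allowlist has no script element but does allow div with a
// class attribute, which is why only the placeholder div needs to stay in
// the section field.
function example_preview_kses() {
    $pasted = '<script async src="https://xxx.searchengine.com/xxx.js?cx=12345qwer0987lkjh"></script>'
            . '<div class="XXX-searchboxengine-only"></div>';
    return wp_kses_post( $pasted );
}

// Not used here on purpose: adding 'script' through the wp_kses_allowed_html
// filter changes the allowlist for every caller of that context, not just
// this one section, so any user-editable field filtered the same way could
// then carry a script.
```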
