echo get_option and script

  • sacher

    (@sacher)


    14 years, 11 months ago

    Hi,
    I’m creating a new theme and want to pass the aweber code to the home page by using an option panel where the user can paste the javascript code into a text box and this text will be echo where required.

    The code entered by the user in the text box (called mt_optin)will be

    <script type="text/javascript" src="http://forms.aweber.com/form/33/XXXXXXXXX.js"></script>

    To echo it I use 

    <div id="optinbox">
<?php echo get_option('mt_optin'); ?>
</div>

    But the aweber opt in box in not showed. I guess it is because the echoed text includes a backslash after type= and src=

    <script type=\”text/javascript\” src=\”http://forms.aweber.com/form/33/420341433.js\”></script>

    Anyone can help me?

    Thanks in advance

Viewing 1 replies (of 1 total)
  • Chip Bennett

    (@chipbennett)

    14 years, 11 months ago

    Since HTML, URLs, and JS are sanitized/escaped differently, I would have the user store only the script SRC in the option, rather than the entire script markup. That way, you can more-precisely sanitize and escape the user input:

    <div id="optinbox">
<script
 type="text/javascript"
 src="<?php echo get_option( 'mt_optin' ); ?>"
></script>
</div>

    Also, be sure to escape the user data on output:

    src="<?php echo esc_url( get_option( 'mt_optin' ) ); ?>"

    Also, I don’t know how aWeber form script URLs work, but if the only part of the URL that changes is “XXXXXXXXX”, you could simplify things even further, by having the user enter just this value as the Theme Option.

    And, you really should be storing your options as a single options array, e.g.

    $mt_options = get_option( 'mt_theme_options' );
$mt_optin = $mt_options['optin'];

Viewing 1 replies (of 1 total)

The topic ‘echo get_option and script’ is closed to new replies.

Tags