How to sanitize an admin text field but still allow quotes? | WordPress.org

Resolved David Gewirtz
(@dgewirtz)

2 years, 6 months ago
I have a text area where users can enter a paragraph or two of information. They want to be able to embed links, specify bold and italic, force line breaks, and include quotes around strings. I started with:

$note = sanitize_text_field($note);

which just cleaned everything up. I thought wp_kses would be my answer:
```
   $allowed_html = [
            'a'      => [
                'href'  => [],
                'title' => [],
            ],
            'br'     => [],
            'em'     => [],
            'strong' => [],
        ];
        $note= wp_kses( $note, $allowed_html );
```
But it escapes any single or double quotation mark. Is there a way to use sanitation to allow certain HTML and ALSO allow single and double quotation marks?

Thanks!

–David

Viewing 2 replies - 1 through 2 (of 2 total)

Moderator bcworkz
(@bcworkz)

2 years, 6 months ago
wp_kses() does not escape quotes, however textarea data from the browser arrives in PHP with quotes escaped. Run the data through stripslashes() before using wp_kses().
- This reply was modified 2 years, 6 months ago by bcworkz.
Thread Starter David Gewirtz
(@dgewirtz)

2 years, 6 months ago

@bcworkz you so totally rock! Thank you! That did it.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘How to sanitize an admin text field but still allow quotes?’ is closed to new replies.

In: Developing with WordPress
2 replies
2 participants
Last reply from: David Gewirtz
Last activity: 2 years, 6 months ago
Status: resolved

Topic Tags

sanitation

Views