How to sanitize an admin text field but still allow quotes?

  • Resolved David Gewirtz

    (@dgewirtz)


    I have a text area where users can enter a paragraph or two of information. They want to be able to embed links, specify bold and italic, force line breaks, and include quotes around strings. I started with:

    $note = sanitize_text_field($note);

    which just cleaned everything up. I thought wp_kses would be my answer:

    $allowed_html = [
        'a'      => [
            'href'  => [],
            'title' => [],
        ],
        'br'     => [],
        'em'     => [],
        'strong' => [],
    ];
    $note = wp_kses( $note, $allowed_html );

    But it escapes any single or double quotation mark. Is there a way to use sanitization to allow certain HTML and ALSO allow single and double quotation marks?

    Thanks!

    –David

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator bcworkz

    (@bcworkz)

    wp_kses() does not escape quotes; however, textarea data from the browser arrives in PHP with quotes escaped. Run the data through stripslashes() before using wp_kses().

    • This reply was modified 1 year, 4 months ago by bcworkz.
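The unslash-then-filter order from the reply above, placed in a full admin save path. This is an added example, not code from either poster or from WordPress itself; it uses wp_unslash(), WordPress's wrapper around stripslashes() for request data, and every `myplugin_*` name, the `manage_options` capability choice and the redirect target are assumptions.

```php
<?php
// Added example; every myplugin_* name (functions, option, form field,
// action) is hypothetical and stands in for the plugin's own names.

// One allow-list shared by the save path and the render path.
function myplugin_allowed_html() {
	return [
		'a'      => [ 'href' => [], 'title' => [] ],
		'br'     => [],
		'em'     => [],
		'strong' => [],
	];
}

// Remove the slashes WordPress adds to request data, then filter.
// Filtering the slashed value would store \" and \' as literal text.
function myplugin_sanitize_note( $raw ) {
	$note = wp_unslash( $raw );

	// Tags and attributes outside the allow-list are removed, and href
	// values are limited to the protocols in wp_allowed_protocols().
	return wp_kses( $note, myplugin_allowed_html() );
}

// Handler for a form that posts to admin-post.php with
// action=myplugin_save_note and a nonce from
// wp_nonce_field( 'myplugin_save_note' ).
add_action( 'admin_post_myplugin_save_note', function () {
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( 'Not allowed.', '', [ 'response' => 403 ] );
	}
	check_admin_referer( 'myplugin_save_note' );

	$raw = isset( $_POST['myplugin_note'] ) ? $_POST['myplugin_note'] : '';
	update_option( 'myplugin_note', myplugin_sanitize_note( $raw ) );

	wp_safe_redirect( admin_url( 'options-general.php' ) );
	exit;
} );

// Filter again on output, so a value written to the option by other code
// is still held to the same allow-list. No unslash here: stored data is
// not slashed.
function myplugin_render_note() {
	echo wp_kses( get_option( 'myplugin_note', '' ), myplugin_allowed_html() );
}
```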
    Thread Starter David Gewirtz

    (@dgewirtz)

    @bcworkz you so totally rock! Thank you! That did it.
