I've got a question I could use some help on.
I have created a widget that includes a textarea in which I would like the user to be able to enter HTML. This is working okay, however I can't seem to get the formatting to work exactly the way I want. I essentially want to mimic the formatting in TinyMCE HTML view (and may end up just integrating this instead).
So if the user types:
and clicks save, that is exactly what I want to appear in the textarea. Alas, I can't seem to make this happen. I've tried all sorts of combinations of sanitization and escape functions in my widget's update() and form() functions, but can't seem to get it right. Here are some examples:
1. Using esc_textarea() in form() and wp_kses_post() in update() - all characters, including the
<b> tag get converted to special characters:
2. Omitting esc_textarea() in form() - the gets converted to a blank space ' ', which means users can't see exactly what the actual HTML is:
What combination of sanitization/escaping do I need on the update() and form() functions for my textarea widget to maintain explicitly encoded special characters, without encoding all special characters (those that aren't explicitly typed, like '<b>')? Do I have to do something like double encoding so ' ' ends up as '&nbp;'? Basically, how can I make a plain text area behave exactly like the HTML panel of TinyMCE.
Thanks a ton to anyone who can help!