For example, if you add the following to the Custom Code field:
the following is added to the page:
I understand that we should “never trust the user”, and that’s fine when they are entering information to display. However, when they are entering code that is going to be executed, they have to be trusted. If you really don’t trust them, then you don’t give them the ability to add code.
Bear in mind that anyone who has access to enter information in this field probably has access to the Plugin and Theme Editors, where they can certainly enter code that is executed.
I’ve written a post (How To Set Up Site Speed For Google Analytics In WordPress), which includes information on how to hack the plugin to stripslashes when this field is added to the code (and when displayed in the Settings page, or it adds slashes upon slashes).
Joost, is there any chance of getting this added to the plugin? Or is there something that I’m missing? Thanks.
- The topic ‘Need to stripslashes for the Custom Code field’ is closed to new replies.