Front-end Editor
[resolved] Can I still escape (3 posts)

  1. Sam_a
    Posted 4 years ago #

    Hello scribu,

    Ordinarily I would display meta fields with text data (no html) like

    <?php echo esc_html( strip_tags( get_post_meta( $post->ID, 'some_text', true ) )); ?>.

    If I use editable_post_meta() instead, I assume the field value will be output unescaped. Is that true? Is there any way I can strip and escape like before?

    Thanks for any advice you can provide. S


  2. scribu
    Plugin Author

    Posted 4 years ago #

    Finally, someone that cares about security. :)

    You can use the 'post_meta' filter:

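    // Filter callback: receives the meta value, the post ID and the meta key.
    function my_custom_field_escaping( $content, $post_id, $key ) {
    	// Strip HTML tags only from the field we care about.
    	if ( 'some_key' == $key )
    		return strip_tags( $content );

    	// Leave every other field untouched.
    	return $content;
    }
    add_filter( 'post_meta', 'my_custom_field_escaping', 10, 3 );
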
  3. Sam_a
    Posted 4 years ago #

    Got it, thanks.

    I'll see if I can escape based on the $type parameter if my filter function…

Topic Closed

This topic has been closed to new replies.
