10

I understand that sanitising user input is important and i want to make sure bad stuff is removed but i also want to be able to have users add html to a custom field.

The wordpress sanitise text field function does a great job but i want to tell it to keep html.

Is there another function i can use that will allow me to do that?

Stackoverflow won't let me post a short question so it seems i need to pad it out. Sorry about this.

I've tried looking up the function in the wordpress codex to see if there are parameters that i can switch in order for it to allow html. I've taken out the sanitise function to see if that works and of course it does.

binarystarr
  • 157
  • 2
  • 8
  • It's not a duplicate, but would the answer to this question help? http://stackoverflow.com/questions/2127009/using-wordpress-can-some-one-tell-me-the-best-way-of-sanitizing-input?rq=1 – user1725145 Jan 20 '14 at 14:38

1 Answers1

18

wp_kses() will do what you need. You need to tell it what tags to allow. Alternatively use wp_kses_post() which allows anything you can add to a post. This one may not be strict enough for user input though so I'd suggest going with the first.

echo wp_kses( $text, array( 
    'a' => array(
        'href' => array(),
        'title' => array()
    ),
    'br' => array(),
    'em' => array(),
    'strong' => array(),
) );

http://codex.wordpress.org/Function_Reference/wp_kses http://codex.wordpress.org/Function_Reference/wp_kses_post

Nathan Dawson
  • 18,138
  • 3
  • 52
  • 58