I have a custom post textbox that I want to sanitize using `wp_kses` before I update my post meta.

I was looking for examples of common `$allowed` settings, but I have only seen this example:

```php
$allowed = array(
    'a' => array( // only allow a tags
        'href' => array() // and those anchors can only have href attribute
    )
);
```

What is a typical `$allowed` setting? Can someone provide an example of what they normally filter for?
I would disagree with the solution posted by @JaredCobb, `wp_kses()` is much more flexible than the method he presented. It can strip out unwanted attributes from tags without destroying the tags themselves. For example, if the user put in
`wp_kses()` would return `<strong>` if you did not allow class, whereas `strip_tags()` would remove the
@redconservatory: The attributes you’ll want to use are as follows:
```php
$args = array(
    // formatting
    'strong' => array(),
    'em'     => array(),
    'b'      => array(),
    'i'      => array(),

    // links
    'a'      => array(
        'href' => array()
    )
);
```
This will allow bold and italics with no attributes, as well as anchor tags with an `href` attribute…and nothing else. It uses the whitelisting principle, which @jaredcobb rightly noted is the better way to go here.
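
An added example, not part of the original answer: one way to apply the allowlist above when saving the custom field to post meta, written as a small plugin file. The `myplugin_` function names, the `myplugin_custom_text` form field, the `myplugin_nonce` / `myplugin_save` nonce names and the `_myplugin_custom_text` meta key are assumptions made for illustration; the WordPress functions called are core APIs.

```php
<?php
/**
 * Plugin Name: Example - sanitize a custom post field with wp_kses()
 */

// Allowlist from the answer above: bold/italic tags with no attributes,
// anchors with an href attribute only. Everything else is stripped.
function myplugin_allowed_html() {
    return array(
        'strong' => array(),
        'em'     => array(),
        'b'      => array(),
        'i'      => array(),
        'a'      => array( 'href' => array() ),
    );
}

// Hypothetical save handler for a custom textbox on the post edit screen.
function myplugin_save_custom_text( $post_id ) {
    // Skip autosaves and revisions so only real edits are processed.
    if ( ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) || wp_is_post_revision( $post_id ) ) {
        return;
    }
    // Reject requests that did not come from our own form (CSRF check).
    if ( ! isset( $_POST['myplugin_nonce'] ) ) {
        return;
    }
    $nonce = sanitize_text_field( wp_unslash( $_POST['myplugin_nonce'] ) );
    if ( ! wp_verify_nonce( $nonce, 'myplugin_save' ) ) {
        return;
    }
    // The current user must be allowed to edit this post.
    if ( ! current_user_can( 'edit_post', $post_id ) || ! isset( $_POST['myplugin_custom_text'] ) ) {
        return;
    }

    // WordPress adds slashes to $_POST; wp_kses() expects unslashed input.
    $raw = wp_unslash( $_POST['myplugin_custom_text'] );

    // Third argument limits href values to these URL schemes, so a
    // javascript: link is neutralised even though href itself is allowed.
    $clean = wp_kses( $raw, myplugin_allowed_html(), array( 'http', 'https', 'mailto' ) );

    // update_post_meta() unslashes its value, so slash it again first.
    update_post_meta( $post_id, '_myplugin_custom_text', wp_slash( $clean ) );
}
add_action( 'save_post', 'myplugin_save_custom_text' );
```

The stored value still contains HTML, so it should be passed through `wp_kses()` with the same allowlist (or an equivalent escaping function) again at output time rather than echoed directly.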