Is there any way to remove the <script> tags including their contents?

wp_kses_post seems to only remove the tags, while their content remains visible on the page.

Thank you

5 Answers
5

KSES is designed to prevent execution of undesired and potentially dangerous tags, not preventing display of the innerHTML. Blocking the content would require:

1. Either a custom function that used some kind of string manipulation or xmlDOM manipulation to remove content; or

2. A function that blocked posts that contain the tag with a message why the post failed and instructions for using HTML codes to render script tag when using it in tutorials rather than as an execution tag.

Number 1 may produce performance issues with its higher overhead. If optimizing performance is an issue or if the site involves heavy posting by multiple users, then #2 is likely a more feasible solution.
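
The first option in the answer above (DOM manipulation), as an added example that is not part of the original answer. The function name `example_strip_script_elements` and the wrapper id are hypothetical, and PHP's DOM extension is assumed to be available; the helper only drops `<script>` elements, so the result still goes through `wp_kses_post`.

```php
<?php
// Added example: the function name and wrapper id are hypothetical.

function example_strip_script_elements(string $html): string
{
    // Fast path: avoid the DOM parse overhead when no script tag is present.
    if (stripos($html, '<script') === false) {
        return $html;
    }

    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // user HTML is rarely well-formed
    // The XML declaration makes libxml treat the input as UTF-8; the wrapper
    // div keeps all user markup under one known element inside <body>.
    $doc->loadHTML('<?xml encoding="UTF-8"><div id="example-root">' . $html . '</div>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    // getElementsByTagName() returns a live list, so copy it before removing.
    foreach (iterator_to_array($doc->getElementsByTagName('script')) as $script) {
        $script->parentNode->removeChild($script);
    }

    // The wrapper is the first div in document order; serialize its children only.
    $root = $doc->getElementsByTagName('div')->item(0);
    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample input.
$raw = '<p>Hello</p><script>alert("x")</script><p>World</p>';
$stripped = example_strip_script_elements($raw);

// Inside WordPress, KSES still runs afterwards to filter remaining tags and attributes.
echo function_exists('wp_kses_post') ? wp_kses_post($stripped) : $stripped, PHP_EOL;
```

The DOM round trip can normalize other markup in the post (for example by closing unclosed tags), and an unterminated `<script>` swallows everything after it, which is then removed along with it.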
