Escaping widget content

  • Resolved ImageGuido

    (@guido07111975)


    1 month ago

    Hi,

    I’m trying to fix all errors that are flagged by the PCP.

    My widgets code is flagged becasue I did not escape before/after widget and before/after title:

    echo $args['before_widget']; // example: <aside class="widget">
    echo $args['before_title']; // example: <h3 class="widget-title">   
    echo $args['after_title']; // example: </h3>
    echo $args['after_widget']; // example: </aside>

    So I have now fixed it with wp_kses(). This is the only function I could find respecting the HTML markup of those tags:

    echo wp_kses( $args['before_widget'], 'post' );
    echo wp_kses( $args['before_title'], 'post' );
    echo wp_kses( $args['after_title'], 'post' );
    echo wp_kses( $args['after_widget'], 'post' );

    I wonder why this is best approach or not?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator Imagethreadi

    (@threadi)

    1 month ago

    I would recommend wp_kses_post() instead. It allows all HTML codes that can also be used in posts, does basically the same thing as your code, but I find it easier to remember.

    Thread Starter ImageGuido

    (@guido07111975)

    1 month ago

    Good point, will use that instead. Unless there’s an even better way to do this..

    Guido

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.