This thread is over two years old and may be outdated. Please create a new thread if you need help, or email us if you have an active Premium license.

Bypass field sanitization

Open 2 replies developerpluginplugin-page-builder
Gavin Roberts
9 years ago · Last reply by Gavin Roberts 9 years ago

Hi all,

When trying to create some custom widgets that take embed code from various websites, I’ve noticed that my content is sanitized before it even reaches my custom sanitizer.

add_action( 'init', function() {
    add_filter( 'siteorigin_widgets_sanitize_field_raw', function ($value) {
        return $value;
    });
});

Is there a way to avoid this without adding the various tags/attributes to the allowed_html within WordPress?

This is our free support forum. Replies can take several days.

Need fast email support? Get SiteOrigin Premium

Replies

2
  1. Alex S Staff 9 years, 6 months ago

    Hi Gavin,

    I’m going to forward this off to the development team as this might actually be a bug.

  2. Gavin Roberts 9 years, 6 months ago

    Hey Alex,

    Apologies, when I tried to reply soon after creating my account, it wouldn’t allow me (white page.)

    I got around it by creating my own input type, however the textarea field inherits from the input field, which by default sanitizes using wp_kses_post, wiping out any HTML content. Unfortunately you lose any raw content when your custom sanitizer kicks in.

    Thanks :)

Replies on this thread are closed.

Please create a new thread if you have a question, or purchase a SiteOrigin Premium license if you need one-on-one email support.

Have a different question or issue?

Start New Thread