Bypass field sanitization

By Gavin Roberts, 8 years ago. Last reply by Gavin Roberts, 8 years ago.

Hi all,

When trying to create some custom widgets that take embed code from various websites, I’ve noticed that my content is sanitized before it even reaches my custom sanitizer.

add_action( 'init', function() {
    add_filter( 'siteorigin_widgets_sanitize_field_raw', function ($value) {
        return $value;
    });
});

Is there a way to avoid this without adding the various tags/attributes to the allowed_html within WordPress?

This is our free support forum. Replies can take several days. If you need fast email support, please purchase a SiteOrigin Premium license.

8 years, 2 months ago Alex S
Hi, I Work Here

Hi Gavin,
I’m going to forward this off to the development team as this might actually be a bug.
8 years, 2 months ago Gavin Roberts
Hey Alex,
Apologies, when I tried to reply soon after creating my account, it wouldn’t allow me (white page.)
I got around it by creating my own input type, however the textarea field inherits from the input field, which by default sanitizes using wp_kses_post, wiping out any HTML content. Unfortunately you lose any raw content when your custom sanitizer kicks in.
Thanks :)

Replies on this thread are closed. Please create a new thread if you have a question, or purchase a SiteOrigin Premium license if you need one-on-one email support.

Page Builder

Widgets Bundle

SiteOrigin CSS

SiteOrigin Installer

WordPress Themes

Site Packs

Support Forum

SiteOrigin Blog

Bypass field sanitization

Get The Most Out of SiteOrigin with SiteOrigin Premium