Custom Fields
Re-Envisioned
Support General Text Area escape HTML comments

This topic contains 4 replies, has 2 voices, and was last updated by  Mr Jon Marks 4 weeks ago.

  • Creator
    Topic
  • #16153
    Resolved
    Mr Jon Marks
    Participant

    If I enter

    <!--comment fun -->
    

    into a text area the value gets changed to

    <!--comment fun --<
    

    (Ironically I can not should you in the ticket as you are doing the same thing here)

    Can some option like raw be added to textareas?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Author
    Replies
  • #16154

    Mr Jon Marks
    Participant

    Comments are being escaped so <!– goes to & lt;!– when it should not

    #16156

    Mr Jon Marks
    Participant

    Upon investigation this maybe an issue with wp_pre_kses_less_than.

    An option to not call kses would still be nice though

    #16172

    Anh Tran
    Keymaster

    Hi Jon,

    Since version 5.1, we add sanitization for all inputs. For textarea field, we use the wp_kses_post for sanitization and it sanitizes the HTML comments as you see.

    If you want to keep that, you probably need to bypass the sanitization by setting 'sanitize_callback' => 'none' for the field. Or write your custom sanitize callback. Please see the documentation for details.

    #16174

    Mr Jon Marks
    Participant

    Kses escapes comments that have markup in them but not comments without markup. I made a new filter on this for now on pre_kses hook.

    Thanks

Viewing 4 replies - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.