Meta Box

Text Area escape HTML comments

Support General Text Area escape HTML commentsResolved

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • September 16, 2019 at 6:16 PM #16153
    Mr Jon MarksMr Jon Marks
    Participant

    If I enter

    <!--comment fun -->

    into a text area the value gets changed to

    <!--comment fun --<

    (Ironically I can not should you in the ticket as you are doing the same thing here)

    Can some option like raw be added to textareas?

    September 16, 2019 at 6:22 PM #16154
    Mr Jon MarksMr Jon Marks
    Participant

    Comments are being escaped so <!-- goes to & lt;!-- when it should not

    September 16, 2019 at 6:39 PM #16156
    Mr Jon MarksMr Jon Marks
    Participant

    Upon investigation this maybe an issue with wp_pre_kses_less_than.

    An option to not call kses would still be nice though

    September 17, 2019 at 4:19 PM #16172
    Anh TranAnh Tran
    Keymaster

    Hi Jon,

    Since version 5.1, we add sanitization for all inputs. For textarea field, we use the wp_kses_post for sanitization and it sanitizes the HTML comments as you see.

    If you want to keep that, you probably need to bypass the sanitization by setting 'sanitize_callback' => 'none' for the field. Or write your custom sanitize callback. Please see the documentation for details.

    September 17, 2019 at 5:04 PM #16174
    Mr Jon MarksMr Jon Marks
    Participant

    Kses escapes comments that have markup in them but not comments without markup. I made a new filter on this for now on pre_kses hook.

    Thanks

  • Author
    Posts
Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.