Text Area escape HTML comments - Meta Box

This topic has 4 replies, 2 voices, and was last updated 5 years, 2 months ago by Mr Jon Marks.

Viewing 5 posts - 1 through 5 (of 5 total)

Author

Posts
September 16, 2019 at 6:16 PM #16153
Mr Jon Marks
Participant
If I enter
```

```
into a text area the value gets changed to
```
<!--comment fun --<
```
(Ironically I can not should you in the ticket as you are doing the same thing here)

Can some option like raw be added to textareas?

Add New Note to this Reply
September 16, 2019 at 6:22 PM #16154

Mr Jon Marks
Participant

Comments are being escaped so <!-- goes to & lt;!-- when it should not

Add New Note to this Reply

September 16, 2019 at 6:39 PM #16156

Mr Jon Marks
Participant

Upon investigation this maybe an issue with wp_pre_kses_less_than.

An option to not call kses would still be nice though

Add New Note to this Reply

September 17, 2019 at 4:19 PM #16172

Anh Tran
Keymaster

Hi Jon,

Since version 5.1, we add sanitization for all inputs. For textarea field, we use the wp_kses_post for sanitization and it sanitizes the HTML comments as you see.

If you want to keep that, you probably need to bypass the sanitization by setting 'sanitize_callback' => 'none' for the field. Or write your custom sanitize callback. Please see the documentation for details.

Add New Note to this Reply

September 17, 2019 at 5:04 PM #16174

Mr Jon Marks
Participant

Kses escapes comments that have markup in them but not comments without markup. I made a new filter on this for now on pre_kses hook.

Thanks

Add New Note to this Reply
Author

Posts

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.