Wysiwyg sanitization - allow nothing but what I define


    #47869
    Duffl
    Participant

    Hi! Do I see correctly that wysiwyg fields use wp_kses for sanitization?

    I am asking because I have the issue that the tags allowed by this are still too many.
    Some users copy-paste contents they took from LinkedIn. Some of the tags that get pasted actually destroy the layout in frontend.
    Of course they could use that "paste text only" button but they keep forgetting that.

    So I would like to ask if it is possible to set the fields to "strip all tags, allow only the following..." - and if that is possible, could you give me a hint or an example as to how to integrate that?
    I do understand this tag list (https://core.trac.wordpress.org/browser/trunk/src/wp-includes/kses.php) but I do not yet know how to best use that for metabox wysiwyg (and maybe also text and textarea...)

    Thank you in advance!

    Regards!

    #47921
    Duffl
    Participant

    *bump* 🙂

    #47927
    Peter
    Moderator

    Hello Duffl,

    Sorry for the late reply. The WYSIWYG field uses the wp_kses_post function for sanitization. You can also create your own custom function to sanitize the field value.
    Please follow the documentation: https://docs.metabox.io/sanitization/
    https://github.com/wpmetabox/meta-box/blob/master/inc/sanitizer.php#L85
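
An added example, not part of Peter's reply or of the Meta Box code base: a custom sanitize callback that applies the "strip all tags, allow only the following" policy from the question by calling wp_kses() with an explicit allowlist. The function name, field ID, meta box title and the tag list are assumptions chosen for illustration.

```php
<?php
/**
 * Added example: strict allowlist sanitizer for a Meta Box wysiwyg field.
 * wp_kses() drops every tag and attribute that is not listed here.
 * The tag list below is an assumption; adjust it to your layout.
 */
function prefix_sanitize_wysiwyg_strict( $value ) {
    // A non-cloneable wysiwyg field submits a string; reject anything else.
    if ( ! is_string( $value ) ) {
        return '';
    }

    $allowed_html = array(
        'p'      => array(),
        'br'     => array(),
        'strong' => array(),
        'em'     => array(),
        'ul'     => array(),
        'ol'     => array(),
        'li'     => array(),
        // Links keep only href and title: no style, class or event attributes.
        'a'      => array(
            'href'  => true,
            'title' => true,
        ),
    );

    // Third argument limits URL schemes in href, so javascript: is removed.
    return wp_kses( $value, $allowed_html, array( 'http', 'https', 'mailto' ) );
}

add_filter( 'rwmb_meta_boxes', function ( $meta_boxes ) {
    $meta_boxes[] = array(
        'title'  => 'Profile',          // hypothetical meta box
        'fields' => array(
            array(
                'id'                => 'prefix_bio', // hypothetical field ID
                'name'              => 'Bio',
                'type'              => 'wysiwyg',
                // Replaces the default wp_kses_post sanitization for this field.
                'sanitize_callback' => 'prefix_sanitize_wysiwyg_strict',
            ),
        ),
    );
    return $meta_boxes;
} );
```

wp_kses() removes disallowed tags but keeps the text inside them, and the callback only runs when the field is saved, so values already stored stay unchanged until the post is saved again.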
