Changes between Initial Version and Version 1 of Ticket #62361, comment 5
Timestamp: 11/13/2024 09:44:34 AM (2 months ago)
Ticket #62361, comment 5
I was going through the PR and had a teeny-tiny query about the approach. Here, if we pass the second parameter of the `format_to_edit()` function `true` then it would consider the content as rich text and skip the usage of `esc_textarea()`. I was wondering if this could cause security concerns as the data might not be escaped.

initial: How about using `wp_kses_post()` to sanitize the content and pass it to wp_editordirectly? That way, the content will be sanitized and will serve the purpose as well.

v1: How about using `wp_kses_post()` to sanitize the content and pass it to `wp_editor()` directly? That way, the content will be sanitized and will serve the purpose as well.

Would love to hear your thoughts on this.