Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #62361, comment 5


Timestamp: 11/13/2024 09:44:34 AM (2 months ago)
Author: yogeshbhutkar
Comment:

  • Ticket #62361, comment 5

    Unmodified: I was going through the PR and had a teeny-tiny query about the approach. Here, if we pass `true` as the second parameter of the `format_to_edit()` function, then it would consider the content as rich text and skip the usage of `esc_textarea()`. I was wondering if this could cause security concerns as the data might not be escaped.

    Removed (initial): How about using `wp_kses_post()` to sanitize the content and pass it to wp_editor directly? That way, the content will be sanitized and will serve the purpose as well.
    Added (v1): How about using `wp_kses_post()` to sanitize the content and pass it to `wp_editor()` directly? That way, the content will be sanitized and will serve the purpose as well.

    Unmodified: Would love to hear your thoughts on this.
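To make the difference the comment is asking about concrete, the following is an added example, not code from ticket #62361, its PR, or WordPress core. It runs one untrusted string through the three paths the comment mentions: `format_to_edit()` with the default `$rich_text = false`, `format_to_edit()` with `$rich_text = true`, and `wp_kses_post()`. It assumes a WordPress install with core loaded, for instance by running it with WP-CLI as `wp eval-file`; the sample content is constructed for the demo, and `wp_editor()` itself is not called because the point is only which string would reach it.

```php
<?php
/**
 * Added example for the discussion in ticket #62361, comment 5.
 * Not part of WordPress core or of the PR under review.
 *
 * Assumption: WordPress core is loaded so that format_to_edit(),
 * esc_textarea() and wp_kses_post() are available, e.g.:
 *   wp eval-file format-to-edit-demo.php
 */

// Constructed sample of what an untrusted post_content value might hold:
// a harmless paragraph, a link carrying an inline event handler, and a
// script element.
$untrusted = '<p>Hello &amp; welcome</p>'
    . '<a href="https://example.com" onclick="alert(1)">link</a>'
    . '<script>alert(document.cookie)</script>';

// Path 1: default call, $rich_text = false. esc_textarea() runs, so every
// tag becomes an HTML entity. Safe to drop into a <textarea>, but a rich
// editor would then show the literal &lt;p&gt; markup to the user.
$escaped = format_to_edit( $untrusted );

// Path 2: $rich_text = true. esc_textarea() is skipped and only the
// 'format_to_edit' filter runs, so the string comes back unchanged,
// script element and onclick attribute included. This is the case the
// comment raises: nothing in this call escapes the data.
$raw = format_to_edit( $untrusted, true );

// Path 3: the alternative proposed in the comment. wp_kses_post() filters
// the markup against the tags and attributes allowed in post content, so
// the <script> element and the onclick attribute are dropped while the
// <p> and the <a href="https://..."> survive as markup.
$sanitized = wp_kses_post( $untrusted );

$results = array(
    'format_to_edit( $content )       ' => $escaped,
    'format_to_edit( $content, true ) ' => $raw,
    'wp_kses_post( $content )         ' => $sanitized,
);

foreach ( $results as $label => $value ) {
    echo $label, "=> ", $value, "\n";
}

// Checks a reviewer can run against the three outputs: does the rich-text
// path alter the input at all, and does the kses path still carry the
// script element or the event-handler attribute?
var_dump( $raw === $untrusted );
var_dump( false === stripos( $sanitized, '<script' ) );
var_dump( false === stripos( $sanitized, 'onclick' ) );
var_dump( false !== strpos( $sanitized, '<a href=' ) );
```

One design point worth keeping in mind when reading the output: `wp_kses_post()` returns filtered markup, not HTML-encoded text, so it answers a different question from `esc_textarea()`. It tells you whether disallowed tags and attributes have been removed; it does not make the string safe to place verbatim inside a `<textarea>` element, which is what `esc_textarea()` is for.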