Context Navigation

← Previous Ticket
Next Ticket →

#62697 closed enhancement (duplicate)

Replace strip_tags() with wp_strip_all_tags() for improved security and consistency.

Reported by:	vishalpadhariya	Owned by:
Milestone:		Priority:	normal
Severity:	normal	Version:
Component:	General	Keywords:
Focuses:		Cc:

Description

strip_tags() is being used, but it is discouraged in WordPress as it only removes HTML tags and does not account for potential inline scripts or other malicious content. It is recommended to use wp_strip_all_tags() instead, as it provides a more comprehensive and secure way to sanitize input by stripping all tags and ensuring cleaner data.

This change improves code security and aligns with WordPress coding standards.

Attachments (1)

62697.patch (1.2 MB) - added by vishalpadhariya 3 months ago.

Download all attachments as: .zip

Change History (5)

#1 @vishalpadhariya
3 months ago

"I am assigning this ticket to myself to replace the usage of strip_tags() with wp_strip_all_tags() for better security and adherence to WordPress coding standards. I will review the code, make the necessary changes, and ensure compatibility."

@vishalpadhariya
3 months ago

Attachment 62697.patch added

#2 @vishalpadhariya
3 months ago

Keywords close dev-feedback added; needs-patch removed
Resolution set to wontfix
Status changed from new to closed

#3 @swissspidy
3 months ago

Milestone Awaiting Review deleted

#4 @sabernhardt
3 months ago

Keywords close dev-feedback removed
Resolution changed from wontfix to duplicate
Version trunk deleted

#57579 already tracks the proposal to replace (most) calls to strip_tags().

Note: See TracTickets for help on using tickets.

Trac UI Preferences

Download in other formats:

Make WordPress Core