Changes between Initial Version and Version 1 of Ticket #62885, comment 1
Timestamp: 01/30/2025 04:14:41 PM (11 months ago)
Ticket #62885, comment 1
initial v1 1 Exmple 1 Example 2 {{{ 2 3 function custom_message_shortcode() { 3 4 … … 10 11 } 11 12 add_shortcode('custom_message', 'custom_message_shortcode'); 13 }}} 12 14 13 This line of code uses preg_replace() to sanitize a string by removing potentially unsafe event handler attributes (like onclick, onmouseover, etc.) from HTML elements.15 This line of code uses `preg_replace()` to sanitize a string by removing potentially unsafe event handler attributes (like `onclick`, `onmouseover`, etc.) from HTML elements. 14 16 15 17 This is a security measure to prevent malicious JavaScript from being executed via event handler attributes in user-supplied content. It helps mitigate risks like Cross-Site Scripting (XSS). … … 21 23 22 24 23 so preg_replace( '/\s*on\w+\s*=\s*["\']?.*?["\']?/i', '', $safe_text );line25 so `preg_replace( '/\s*on\w+\s*=\s*["\']?.*?["\']?/i', '', $safe_text );` line 24 26 sanitized and escaped html
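Review bot: In the last changed line, the quoted pattern `/\s*on\w+\s*=\s*["\']?.*?["\']?/i` does less than the surrounding text says, and the edit only adds backticks without noting it. The lazy `.*?` is followed by an optional quote and then the end of the pattern, so it matches zero characters whenever the value is non-empty: the replacement removes the attribute name, the `=` and the opening quote, and leaves the handler body and closing quote in `$safe_text`. The pattern is also not limited to text inside a tag, so ordinary content such as a word starting with "on" followed by `=` is stripped as well. Suggest rewording "sanitize a string by removing ... event handler attributes" to say the pattern breaks the attribute rather than removing it, and pointing readers to an allowlist-based filter such as `wp_kses()` for user-supplied HTML instead of presenting this regex as the XSS mitigation.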