You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm not necessarily opposed to using wp_kses here (although I think it's overkill) but if we do it here...why aren't we using it for every text field in the theme options? For category/term descriptions? Everywhere else? It would make a lot more sense to have a globally allowed list of tags for user-entered description text. It's weird to make this the only exception and then it also makes the docs here way too heavy-handed. This should be re-thought.
Questions:
what text fields do we sanitize with wp_kses or similar functions?
what text fields do we not sanitize?
what text fields should we sanitize?
what level of sanitization should each text field use?
This might require a spreadsheet. 😢
The text was updated successfully, but these errors were encountered:
From #1168:
Questions:
This might require a spreadsheet. 😢
The text was updated successfully, but these errors were encountered: