textarea doesn't show properly in html #6

Open
RhealPoirier opened this Issue Feb 7, 2012 · 1 comment

2 participants

@RhealPoirier

http://pea.rs/forms/multi-left-labels doesn't work but you can use htmlspecialchars() to the html section in the loop

<?php $key="html"; echo get_post_meta($post->ID, $key, true); ?>

to

<?php $key="html"; echo htmlspecialchars(get_post_meta($post->ID, $key, true)); ?>

@johnpbloch

A better way to do this would be to use WordPress' native escaping function for ALL variable content, allowing correct rendering and preventing XSS attacks.

For textareas:

echo esc_textarea( $whatever );

For attributes:

echo esc_attr( $whatever );

For code that needs to be functional:

echo esc_html( $whatever );

unless it's javascript, in which case:

echo esc_js( $whatever );

And, of course, if it's a url:

echo esc_url( $whatever );
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment